Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/saods9-8.2+repack/tcliis/xim.h
Examining data/saods9-8.2+repack/tcliis/iis.c
Examining data/saods9-8.2+repack/tcliis/ximtool.h
Examining data/saods9-8.2+repack/tcliis/iistcl.h
Examining data/saods9-8.2+repack/tcliis/xim.C
Examining data/saods9-8.2+repack/tcliis/iis.h
Examining data/saods9-8.2+repack/tcliis/iistcl.C
Examining data/saods9-8.2+repack/tcliis/util.c
Examining data/saods9-8.2+repack/util/fuzzy.h
Examining data/saods9-8.2+repack/util/util.h
Examining data/saods9-8.2+repack/util/FlexLexer.h
Examining data/saods9-8.2+repack/util/util.C
Examining data/saods9-8.2+repack/fitsy/column.C
Examining data/saods9-8.2+repack/fitsy/outfits.C
Examining data/saods9-8.2+repack/fitsy/rice.h
Examining data/saods9-8.2+repack/fitsy/allocgz.C
Examining data/saods9-8.2+repack/fitsy/outchannel.C
Examining data/saods9-8.2+repack/fitsy/order.C
Examining data/saods9-8.2+repack/fitsy/gzip.h
Examining data/saods9-8.2+repack/fitsy/enviparser.H
Examining data/saods9-8.2+repack/fitsy/head.h
Examining data/saods9-8.2+repack/fitsy/outsocket.C
Examining data/saods9-8.2+repack/fitsy/hist.h
Examining data/saods9-8.2+repack/fitsy/channel.h
Examining data/saods9-8.2+repack/fitsy/plio.C
Examining data/saods9-8.2+repack/fitsy/block.C
Examining data/saods9-8.2+repack/fitsy/nrrd.h
Examining data/saods9-8.2+repack/fitsy/hpx.h
Examining data/saods9-8.2+repack/fitsy/smap.C
Examining data/saods9-8.2+repack/fitsy/mapincr.C
Examining data/saods9-8.2+repack/fitsy/card.h
Examining data/saods9-8.2+repack/fitsy/map.h
Examining data/saods9-8.2+repack/fitsy/compress.C
Examining data/saods9-8.2+repack/fitsy/share.C
Examining data/saods9-8.2+repack/fitsy/lex.C
Examining data/saods9-8.2+repack/fitsy/outfile.C
Examining data/saods9-8.2+repack/fitsy/sshare.h
Examining data/saods9-8.2+repack/fitsy/savefits.C
Examining data/saods9-8.2+repack/fitsy/nrrdgzip.C
Examining data/saods9-8.2+repack/fitsy/envilex.C
Examining data/saods9-8.2+repack/fitsy/mmap.C
Examining data/saods9-8.2+repack/fitsy/parser.H
Examining data/saods9-8.2+repack/fitsy/nrrdlex.C
Examining data/saods9-8.2+repack/fitsy/socketgz.h
Examining data/saods9-8.2+repack/fitsy/var.h
Examining data/saods9-8.2+repack/fitsy/iis.C
Examining data/saods9-8.2+repack/fitsy/strm.C
Examining data/saods9-8.2+repack/fitsy/wcs.h
Examining data/saods9-8.2+repack/fitsy/file.h
Examining data/saods9-8.2+repack/fitsy/mmapincr.h
Examining data/saods9-8.2+repack/fitsy/photo.C
Examining data/saods9-8.2+repack/fitsy/envi.C
Examining data/saods9-8.2+repack/fitsy/analysis.C
Examining data/saods9-8.2+repack/fitsy/hdu.C
Examining data/saods9-8.2+repack/fitsy/hdecompress.c
Examining data/saods9-8.2+repack/fitsy/smmap.C
Examining data/saods9-8.2+repack/fitsy/hcompress.C
Examining data/saods9-8.2+repack/fitsy/socket.C
Examining data/saods9-8.2+repack/fitsy/alloc.C
Examining data/saods9-8.2+repack/fitsy/nrrdparser.H
Examining data/saods9-8.2+repack/fitsy/ricecomp.c
Examining data/saods9-8.2+repack/fitsy/channel.C
Examining data/saods9-8.2+repack/fitsy/outsocket.h
Examining data/saods9-8.2+repack/fitsy/enviparser.C
Examining data/saods9-8.2+repack/fitsy/head.C
Examining data/saods9-8.2+repack/fitsy/gzip.C
Examining data/saods9-8.2+repack/fitsy/order.h
Examining data/saods9-8.2+repack/fitsy/column.h
Examining data/saods9-8.2+repack/fitsy/outchannel.h
Examining data/saods9-8.2+repack/fitsy/rice.C
Examining data/saods9-8.2+repack/fitsy/allocgz.h
Examining data/saods9-8.2+repack/fitsy/outfits.h
Examining data/saods9-8.2+repack/fitsy/share.h
Examining data/saods9-8.2+repack/fitsy/compress.h
Examining data/saods9-8.2+repack/fitsy/sshare.C
Examining data/saods9-8.2+repack/fitsy/outfile.h
Examining data/saods9-8.2+repack/fitsy/mapincr.h
Examining data/saods9-8.2+repack/fitsy/smap.h
Examining data/saods9-8.2+repack/fitsy/map.C
Examining data/saods9-8.2+repack/fitsy/card.C
Examining data/saods9-8.2+repack/fitsy/pliocomp.c
Examining data/saods9-8.2+repack/fitsy/block.h
Examining data/saods9-8.2+repack/fitsy/plio.h
Examining data/saods9-8.2+repack/fitsy/hpx.C
Examining data/saods9-8.2+repack/fitsy/nrrd.C
Examining data/saods9-8.2+repack/fitsy/photo.h
Examining data/saods9-8.2+repack/fitsy/envi.h
Examining data/saods9-8.2+repack/fitsy/strm.h
Examining data/saods9-8.2+repack/fitsy/mmapincr.C
Examining data/saods9-8.2+repack/fitsy/var.C
Examining data/saods9-8.2+repack/fitsy/socketgz.C
Examining data/saods9-8.2+repack/fitsy/iis.h
Examining data/saods9-8.2+repack/fitsy/shmload.C
Examining data/saods9-8.2+repack/fitsy/mmap.h
Examining data/saods9-8.2+repack/fitsy/nrrdgzip.h
Examining data/saods9-8.2+repack/fitsy/parser.C
Examining data/saods9-8.2+repack/fitsy/socket.h
Examining data/saods9-8.2+repack/fitsy/hcompress.h
Examining data/saods9-8.2+repack/fitsy/nrrdparser.C
Examining data/saods9-8.2+repack/fitsy/alloc.h
Examining data/saods9-8.2+repack/fitsy/smmap.h
Examining data/saods9-8.2+repack/fitsy/analysis.h
Examining data/saods9-8.2+repack/fitsy/hdu.h
Examining data/saods9-8.2+repack/fitsy/hist.C
Examining data/saods9-8.2+repack/fitsy/file.C
Examining data/saods9-8.2+repack/tksao/widget/truecolor24.C
Examining data/saods9-8.2+repack/tksao/widget/widget.h
Examining data/saods9-8.2+repack/tksao/widget/truecolor8.C
Examining data/saods9-8.2+repack/tksao/widget/truecolor16.C
Examining data/saods9-8.2+repack/tksao/widget/truecolor24.h
Examining data/saods9-8.2+repack/tksao/widget/truecolor8.h
Examining data/saods9-8.2+repack/tksao/widget/truecolor16.h
Examining data/saods9-8.2+repack/tksao/widget/widget.C
Examining data/saods9-8.2+repack/tksao/frame/frcommand.C
Examining data/saods9-8.2+repack/tksao/frame/fitsenvi.C
Examining data/saods9-8.2+repack/tksao/frame/cpanda.h
Examining data/saods9-8.2+repack/tksao/frame/bpanda.C
Examining data/saods9-8.2+repack/tksao/frame/framebase.h
Examining data/saods9-8.2+repack/tksao/frame/baseline.h
Examining data/saods9-8.2+repack/tksao/frame/prosparser.C
Examining data/saods9-8.2+repack/tksao/frame/vect.h
Examining data/saods9-8.2+repack/tksao/frame/box.h
Examining data/saods9-8.2+repack/tksao/frame/composite.h
Examining data/saods9-8.2+repack/tksao/frame/compass.C
Examining data/saods9-8.2+repack/tksao/frame/ciaoparser.C
Examining data/saods9-8.2+repack/tksao/frame/colorscaletrue32.h
Examining data/saods9-8.2+repack/tksao/frame/ruler.h
Examining data/saods9-8.2+repack/tksao/frame/colorscaletrue8.h
Examining data/saods9-8.2+repack/tksao/frame/polygon.h
Examining data/saods9-8.2+repack/tksao/frame/frametruecolor24.h
Examining data/saods9-8.2+repack/tksao/frame/colorscalergb.C
Examining data/saods9-8.2+repack/tksao/frame/frame3dbase.h
Examining data/saods9-8.2+repack/tksao/frame/fitsdata.h
Examining data/saods9-8.2+repack/tksao/frame/frame3dtruecolor16.h
Examining data/saods9-8.2+repack/tksao/frame/baseload.C
Examining data/saods9-8.2+repack/tksao/frame/frmarkerxml.C
Examining data/saods9-8.2+repack/tksao/frame/fitscompress.C
Examining data/saods9-8.2+repack/tksao/frame/basepolygon.C
Examining data/saods9-8.2+repack/tksao/frame/colorscale.C
Examining data/saods9-8.2+repack/tksao/frame/framergbtruecolor24.C
Examining data/saods9-8.2+repack/tksao/frame/ds9lex.C
Examining data/saods9-8.2+repack/tksao/frame/frameload.C
Examining data/saods9-8.2+repack/tksao/frame/annulus.C
Examining data/saods9-8.2+repack/tksao/frame/fvcontour.h
Examining data/saods9-8.2+repack/tksao/frame/fitsimage.h
Examining data/saods9-8.2+repack/tksao/frame/tag.h
Examining data/saods9-8.2+repack/tksao/frame/colorscaletrue24.C
Examining data/saods9-8.2+repack/tksao/frame/tngparser.C
Examining data/saods9-8.2+repack/tksao/frame/segment.h
Examining data/saods9-8.2+repack/tksao/frame/text.h
Examining data/saods9-8.2+repack/tksao/frame/projection.h
Examining data/saods9-8.2+repack/tksao/frame/xyparser.C
Examining data/saods9-8.2+repack/tksao/frame/circle.h
Examining data/saods9-8.2+repack/tksao/frame/ellipseannulus.h
Examining data/saods9-8.2+repack/tksao/frame/contour.C
Examining data/saods9-8.2+repack/tksao/frame/point.h
Examining data/saods9-8.2+repack/tksao/frame/saolex.C
Examining data/saods9-8.2+repack/tksao/frame/basebox.h
Examining data/saods9-8.2+repack/tksao/frame/lex.C
Examining data/saods9-8.2+repack/tksao/frame/saoparser.H
Examining data/saods9-8.2+repack/tksao/frame/fitsanalysis.C
Examining data/saods9-8.2+repack/tksao/frame/parser.H
Examining data/saods9-8.2+repack/tksao/frame/colorscaletrue16.C
Examining data/saods9-8.2+repack/tksao/frame/frame3d.h
Examining data/saods9-8.2+repack/tksao/frame/xylex.C
Examining data/saods9-8.2+repack/tksao/frame/framergbtruecolor16.C
Examining data/saods9-8.2+repack/tksao/frame/ellipse.C
Examining data/saods9-8.2+repack/tksao/frame/frame.h
Examining data/saods9-8.2+repack/tksao/frame/ds9parser.H
Examining data/saods9-8.2+repack/tksao/frame/boxannulus.C
Examining data/saods9-8.2+repack/tksao/frame/contourparser.C
Examining data/saods9-8.2+repack/tksao/frame/inversescale.C
Examining data/saods9-8.2+repack/tksao/frame/basemarker.C
Examining data/saods9-8.2+repack/tksao/frame/line.C
Examining data/saods9-8.2+repack/tksao/frame/framergb.h
Examining data/saods9-8.2+repack/tksao/frame/sigbus.h
Examining data/saods9-8.2+repack/tksao/frame/fitsmask.h
Examining data/saods9-8.2+repack/tksao/frame/context.h
Examining data/saods9-8.2+repack/tksao/frame/baseellipse.h
Examining data/saods9-8.2+repack/tksao/frame/marker.h
Examining data/saods9-8.2+repack/tksao/frame/epanda.h
Examining data/saods9-8.2+repack/tksao/frame/wcsast.h
Examining data/saods9-8.2+repack/tksao/frame/frmarker.C
Examining data/saods9-8.2+repack/tksao/frame/base.C
Examining data/saods9-8.2+repack/tksao/frame/coord.h
Examining data/saods9-8.2+repack/tksao/frame/frscale.h
Examining data/saods9-8.2+repack/tksao/frame/framergbtruecolor8.h
Examining data/saods9-8.2+repack/tksao/frame/frame3dtruecolor24.h
Examining data/saods9-8.2+repack/tksao/frame/raytrace.h
Examining data/saods9-8.2+repack/tksao/frame/frametruecolor8.h
Examining data/saods9-8.2+repack/tksao/frame/frame3dtruecolor8.h
Examining data/saods9-8.2+repack/tksao/frame/grid.h
Examining data/saods9-8.2+repack/tksao/frame/frametruecolor16.h
Examining data/saods9-8.2+repack/tksao/frame/fitsbin.C
Examining data/saods9-8.2+repack/tksao/frame/callback.C
Examining data/saods9-8.2+repack/tksao/frame/ciaolex.C
Examining data/saods9-8.2+repack/tksao/frame/frame3dtruecolor16.C
Examining data/saods9-8.2+repack/tksao/frame/fitsdata.C
Examining data/saods9-8.2+repack/tksao/frame/colorscale.h
Examining data/saods9-8.2+repack/tksao/frame/basepolygon.h
Examining data/saods9-8.2+repack/tksao/frame/polygon.C
Examining data/saods9-8.2+repack/tksao/frame/colorscaletrue8.C
Examining data/saods9-8.2+repack/tksao/frame/colorscaletrue32.C
Examining data/saods9-8.2+repack/tksao/frame/ruler.C
Examining data/saods9-8.2+repack/tksao/frame/frblt.C
Examining data/saods9-8.2+repack/tksao/frame/ciaoparser.H
Examining data/saods9-8.2+repack/tksao/frame/frame3dbase.C
Examining data/saods9-8.2+repack/tksao/frame/colorscalergb.h
Examining data/saods9-8.2+repack/tksao/frame/frametruecolor24.C
Examining data/saods9-8.2+repack/tksao/frame/composite.C
Examining data/saods9-8.2+repack/tksao/frame/box.C
Examining data/saods9-8.2+repack/tksao/frame/vect.C
Examining data/saods9-8.2+repack/tksao/frame/prosparser.H
Examining data/saods9-8.2+repack/tksao/frame/fitshealpix.C
Examining data/saods9-8.2+repack/tksao/frame/compass.h
Examining data/saods9-8.2+repack/tksao/frame/framebase.C
Examining data/saods9-8.2+repack/tksao/frame/baseline.C
Examining data/saods9-8.2+repack/tksao/frame/fr3dmap.C
Examining data/saods9-8.2+repack/tksao/frame/bpanda.h
Examining data/saods9-8.2+repack/tksao/frame/xml.h
Examining data/saods9-8.2+repack/tksao/frame/cpanda.C
Examining data/saods9-8.2+repack/tksao/frame/basebox.C
Examining data/saods9-8.2+repack/tksao/frame/frsave.C
Examining data/saods9-8.2+repack/tksao/frame/saoparser.C
Examining data/saods9-8.2+repack/tksao/frame/contour.h
Examining data/saods9-8.2+repack/tksao/frame/ellipseannulus.C
Examining data/saods9-8.2+repack/tksao/frame/circle.C
Examining data/saods9-8.2+repack/tksao/frame/xyparser.H
Examining data/saods9-8.2+repack/tksao/frame/point.C
Examining data/saods9-8.2+repack/tksao/frame/text.C
Examining data/saods9-8.2+repack/tksao/frame/fitsmap.C
Examining data/saods9-8.2+repack/tksao/frame/segment.C
Examining data/saods9-8.2+repack/tksao/frame/tngparser.H
Examining data/saods9-8.2+repack/tksao/frame/colorscaletrue24.h
Examining data/saods9-8.2+repack/tksao/frame/tag.C
Examining data/saods9-8.2+repack/tksao/frame/fitsimage.C
Examining data/saods9-8.2+repack/tksao/frame/fvcontour.C
Examining data/saods9-8.2+repack/tksao/frame/projection.C
Examining data/saods9-8.2+repack/tksao/frame/framergbtruecolor24.h
Examining data/saods9-8.2+repack/tksao/frame/annulus.h
Examining data/saods9-8.2+repack/tksao/frame/contourlex.C
Examining data/saods9-8.2+repack/tksao/frame/frmap.C
Examining data/saods9-8.2+repack/tksao/frame/tnglex.C
Examining data/saods9-8.2+repack/tksao/frame/framergb.C
Examining data/saods9-8.2+repack/tksao/frame/line.h
Examining data/saods9-8.2+repack/tksao/frame/epanda.C
Examining data/saods9-8.2+repack/tksao/frame/marker.C
Examining data/saods9-8.2+repack/tksao/frame/basecommand.C
Examining data/saods9-8.2+repack/tksao/frame/baseellipse.C
Examining data/saods9-8.2+repack/tksao/frame/context.C
Examining data/saods9-8.2+repack/tksao/frame/fitsmask.C
Examining data/saods9-8.2+repack/tksao/frame/boxannulus.h
Examining data/saods9-8.2+repack/tksao/frame/grid2d.h
Examining data/saods9-8.2+repack/tksao/frame/ds9parser.C
Examining data/saods9-8.2+repack/tksao/frame/frame.C
Examining data/saods9-8.2+repack/tksao/frame/ellipse.h
Examining data/saods9-8.2+repack/tksao/frame/basemarker.h
Examining data/saods9-8.2+repack/tksao/frame/grid25d.h
Examining data/saods9-8.2+repack/tksao/frame/inversescale.h
Examining data/saods9-8.2+repack/tksao/frame/contourparser.H
Examining data/saods9-8.2+repack/tksao/frame/framergbtruecolor16.h
Examining data/saods9-8.2+repack/tksao/frame/proslex.C
Examining data/saods9-8.2+repack/tksao/frame/frame3d.C
Examining data/saods9-8.2+repack/tksao/frame/parser.C
Examining data/saods9-8.2+repack/tksao/frame/colorscaletrue16.h
Examining data/saods9-8.2+repack/tksao/frame/frametruecolor16.C
Examining data/saods9-8.2+repack/tksao/frame/grid.C
Examining data/saods9-8.2+repack/tksao/frame/fr3dcommand.C
Examining data/saods9-8.2+repack/tksao/frame/callback.h
Examining data/saods9-8.2+repack/tksao/frame/fitsblock.C
Examining data/saods9-8.2+repack/tksao/frame/fitsnrrd.C
Examining data/saods9-8.2+repack/tksao/frame/framergbtruecolor8.C
Examining data/saods9-8.2+repack/tksao/frame/frametruecolor8.C
Examining data/saods9-8.2+repack/tksao/frame/frame3dtruecolor8.C
Examining data/saods9-8.2+repack/tksao/frame/raytrace.C
Examining data/saods9-8.2+repack/tksao/frame/frame3dtruecolor24.C
Examining data/saods9-8.2+repack/tksao/frame/coord.C
Examining data/saods9-8.2+repack/tksao/frame/frscale.C
Examining data/saods9-8.2+repack/tksao/frame/grid3d.h
Examining data/saods9-8.2+repack/tksao/frame/base.h
Examining data/saods9-8.2+repack/tksao/frame/framergbload.C
Examining data/saods9-8.2+repack/tksao/frame/grid25d.C
Examining data/saods9-8.2+repack/tksao/frame/grid2d.C
Examining data/saods9-8.2+repack/tksao/frame/grid3d.C
Examining data/saods9-8.2+repack/tksao/frame/wcsast.C
Examining data/saods9-8.2+repack/tksao/panner/panner.h
Examining data/saods9-8.2+repack/tksao/panner/lex.C
Examining data/saods9-8.2+repack/tksao/panner/parser.H
Examining data/saods9-8.2+repack/tksao/panner/pannertrue.C
Examining data/saods9-8.2+repack/tksao/panner/panner.C
Examining data/saods9-8.2+repack/tksao/panner/parser.C
Examining data/saods9-8.2+repack/tksao/panner/pannertrue.h
Examining data/saods9-8.2+repack/tksao/colorbar/colorbartruecolor16.h
Examining data/saods9-8.2+repack/tksao/colorbar/colorbarrgb.C
Examining data/saods9-8.2+repack/tksao/colorbar/colorbartruecolor8.h
Examining data/saods9-8.2+repack/tksao/colorbar/sao.C
Examining data/saods9-8.2+repack/tksao/colorbar/colorbarrgbtruecolor8.h
Examining data/saods9-8.2+repack/tksao/colorbar/lut.C
Examining data/saods9-8.2+repack/tksao/colorbar/colorbarrgbtruecolor24.h
Examining data/saods9-8.2+repack/tksao/colorbar/colorbar.C
Examining data/saods9-8.2+repack/tksao/colorbar/saolex.C
Examining data/saods9-8.2+repack/tksao/colorbar/lex.C
Examining data/saods9-8.2+repack/tksao/colorbar/saoparser.H
Examining data/saods9-8.2+repack/tksao/colorbar/colorbarbase.C
Examining data/saods9-8.2+repack/tksao/colorbar/parser.H
Examining data/saods9-8.2+repack/tksao/colorbar/colortag.C
Examining data/saods9-8.2+repack/tksao/colorbar/colormap.C
Examining data/saods9-8.2+repack/tksao/colorbar/colorbarrgbtruecolor16.h
Examining data/saods9-8.2+repack/tksao/colorbar/default.C
Examining data/saods9-8.2+repack/tksao/colorbar/colorbartruecolor24.h
Examining data/saods9-8.2+repack/tksao/colorbar/lutparser.C
Examining data/saods9-8.2+repack/tksao/colorbar/cbgrid.h
Examining data/saods9-8.2+repack/tksao/colorbar/colorbarrgbtruecolor8.C
Examining data/saods9-8.2+repack/tksao/colorbar/colorbartruecolor8.C
Examining data/saods9-8.2+repack/tksao/colorbar/sao.h
Examining data/saods9-8.2+repack/tksao/colorbar/lutlex.C
Examining data/saods9-8.2+repack/tksao/colorbar/colorbarrgb.h
Examining data/saods9-8.2+repack/tksao/colorbar/colorbartruecolor16.C
Examining data/saods9-8.2+repack/tksao/colorbar/colorbarrgbtruecolor24.C
Examining data/saods9-8.2+repack/tksao/colorbar/colorbar.h
Examining data/saods9-8.2+repack/tksao/colorbar/saoparser.C
Examining data/saods9-8.2+repack/tksao/colorbar/lut.h
Examining data/saods9-8.2+repack/tksao/colorbar/colorbarrgbtruecolor16.C
Examining data/saods9-8.2+repack/tksao/colorbar/colormap.h
Examining data/saods9-8.2+repack/tksao/colorbar/colortag.h
Examining data/saods9-8.2+repack/tksao/colorbar/colorbarbase.h
Examining data/saods9-8.2+repack/tksao/colorbar/parser.C
Examining data/saods9-8.2+repack/tksao/colorbar/lutparser.H
Examining data/saods9-8.2+repack/tksao/colorbar/default.h
Examining data/saods9-8.2+repack/tksao/colorbar/colorbartruecolor24.C
Examining data/saods9-8.2+repack/tksao/colorbar/cbgrid.C
Examining data/saods9-8.2+repack/tksao/tkutil/gridbase.h
Examining data/saods9-8.2+repack/tksao/tkutil/grf.C
Examining data/saods9-8.2+repack/tksao/tkutil/ps.C
Examining data/saods9-8.2+repack/tksao/tkutil/grid25dbase.h
Examining data/saods9-8.2+repack/tksao/tkutil/psutil.C
Examining data/saods9-8.2+repack/tksao/tkutil/grid3dbase.C
Examining data/saods9-8.2+repack/tksao/tkutil/grid2dbase.h
Examining data/saods9-8.2+repack/tksao/tkutil/attribute.C
Examining data/saods9-8.2+repack/tksao/tkutil/fdstream.hpp
Examining data/saods9-8.2+repack/tksao/tkutil/convolve.h
Examining data/saods9-8.2+repack/tksao/tkutil/grid2dbase.C
Examining data/saods9-8.2+repack/tksao/tkutil/grid3dbase.h
Examining data/saods9-8.2+repack/tksao/tkutil/psutil.h
Examining data/saods9-8.2+repack/tksao/tkutil/grid25dbase.C
Examining data/saods9-8.2+repack/tksao/tkutil/ps.h
Examining data/saods9-8.2+repack/tksao/tkutil/gridbase.C
Examining data/saods9-8.2+repack/tksao/tkutil/grf3d.C
Examining data/saods9-8.2+repack/tksao/tkutil/attribute.h
Examining data/saods9-8.2+repack/tksao/tkutil/convolve.C
Examining data/saods9-8.2+repack/tksao/list/list.C
Examining data/saods9-8.2+repack/tksao/list/list.h
Examining data/saods9-8.2+repack/tksao/magnifier/magnifiertrue.h
Examining data/saods9-8.2+repack/tksao/magnifier/lex.C
Examining data/saods9-8.2+repack/tksao/magnifier/parser.H
Examining data/saods9-8.2+repack/tksao/magnifier/magnifier.h
Examining data/saods9-8.2+repack/tksao/magnifier/magnifiertrue.C
Examining data/saods9-8.2+repack/tksao/magnifier/parser.C
Examining data/saods9-8.2+repack/tksao/magnifier/magnifier.C
Examining data/saods9-8.2+repack/tksao/saotk.C
Examining data/saods9-8.2+repack/tclfitsy/tclfitsy.h
Examining data/saods9-8.2+repack/tclfitsy/tclfitsy.C
Examining data/saods9-8.2+repack/vector/vector.C
Examining data/saods9-8.2+repack/vector/vector3d.C
Examining data/saods9-8.2+repack/vector/vectorstr.C
Examining data/saods9-8.2+repack/vector/vectorstr.h
Examining data/saods9-8.2+repack/vector/vector3d.h
Examining data/saods9-8.2+repack/vector/vector.h
FINAL RESULTS:
data/saods9-8.2+repack/fitsy/card.C:285:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cpy, value);
data/saods9-8.2+repack/fitsy/enviparser.C:902:21: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define YYFPRINTF fprintf
data/saods9-8.2+repack/fitsy/lex.C:577:19: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
#define RET(x) {strcat(ff_filter,yytext);return x;}
data/saods9-8.2+repack/fitsy/lex.C:773:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fflval->str,yytext);
data/saods9-8.2+repack/fitsy/lex.C:967:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fflval->str,yytext);
data/saods9-8.2+repack/fitsy/lex.C:991:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(ff_filter,yytext);
data/saods9-8.2+repack/fitsy/lex.C:998:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(ff_filter,yytext);
data/saods9-8.2+repack/fitsy/lex.C:1007:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fflval->str,yytext);
data/saods9-8.2+repack/fitsy/lex.C:1009:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(ff_filter,fflval->str);
data/saods9-8.2+repack/fitsy/nrrdparser.C:1066:21: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define YYFPRINTF fprintf
data/saods9-8.2+repack/fitsy/parser.C:900:21: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define YYFPRINTF fprintf
data/saods9-8.2+repack/tcliis/iis.c:368:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (path, xim->unixaddr, getuid());
data/saods9-8.2+repack/tcliis/iis.c:376:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (sockaddr.sun_path, path);
data/saods9-8.2+repack/tcliis/iis.c:814:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (wcs, "%s\n%f %f %f %f %f %f %f %f %d\n",
data/saods9-8.2+repack/tcliis/iis.c:817:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (mapping, "%s %f %f %d %d %d %d %d %d\n%s\n",
data/saods9-8.2+repack/tcliis/iis.c:821:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (text=emsg, wcs);
data/saods9-8.2+repack/tcliis/iis.c:822:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (text, mapping);
data/saods9-8.2+repack/tcliis/iis.c:889:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (chan->rf_p->ctran.format, W_DEFFORMAT);
data/saods9-8.2+repack/tcliis/iis.c:1122:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (curval, "%10.3f %10.3f %d %s %s\n",
data/saods9-8.2+repack/tcliis/iis.c:1231:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (obuf, ct->format, wx + 0.005, wy + 0.005, wz, ch);
data/saods9-8.2+repack/tcliis/iis.c:1287:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (df_p->label, "[%d] %s", df_p->frameno, df_p->ctran.imtitle);
data/saods9-8.2+repack/tcliis/iis.c:1358:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (ct->format, format);
data/saods9-8.2+repack/tcliis/iis.c:1406:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (buf, wcsbuf);
data/saods9-8.2+repack/tcliis/iis.c:1418:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf (&buf[i], "%s%f%f%d%d%d%d%d%d\n%s\n",
data/saods9-8.2+repack/tcliis/iis.c:1440:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "cache %s %d", mp->ref, mp->id);
data/saods9-8.2+repack/tcliis/iis.c:1446:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "cache %s %d %d", mp->ref, fr->frameno, mp->id);
data/saods9-8.2+repack/tcliis/iistcl.C:37:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(copy,str);
data/saods9-8.2+repack/tcliis/util.c:85:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (lbuf, "%s/%s", fname, FBCONFIG_1);
data/saods9-8.2+repack/tcliis/xim.C:230:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fb->wcsbuf, wcs);
data/saods9-8.2+repack/tksao/colorbar/colorbarbase.C:215:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ticktxt[ii],str.str().c_str());
data/saods9-8.2+repack/tksao/colorbar/lutparser.C:650:21: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define YYFPRINTF fprintf
data/saods9-8.2+repack/tksao/colorbar/parser.C:875:21: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define YYFPRINTF fprintf
data/saods9-8.2+repack/tksao/colorbar/saoparser.C:677:21: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define YYFPRINTF fprintf
data/saods9-8.2+repack/tksao/frame/base.C:1740:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf,base);
data/saods9-8.2+repack/tksao/frame/base.C:1743:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf,mod);
data/saods9-8.2+repack/tksao/frame/basecommand.C:1823:59: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
Tcl_AppendElement(interp, coord.coordSystemStr((grid->system())));
data/saods9-8.2+repack/tksao/frame/basecommand.C:2468:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(magnifierName,nm);
data/saods9-8.2+repack/tksao/frame/basecommand.C:2578:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pannerName,n);
data/saods9-8.2+repack/tksao/frame/callback.C:14:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(proc_, a.proc_);
data/saods9-8.2+repack/tksao/frame/callback.C:15:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(arg_, a.arg_);
data/saods9-8.2+repack/tksao/frame/callback.C:26:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(proc_, a.proc_);
data/saods9-8.2+repack/tksao/frame/callback.C:27:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(arg_, a.arg_);
data/saods9-8.2+repack/tksao/frame/ciaoparser.C:800:21: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define YYFPRINTF fprintf
data/saods9-8.2+repack/tksao/frame/ciaoparser.C:1533:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(color, fr->markerColor());
data/saods9-8.2+repack/tksao/frame/context.C:1959:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(key,kk);
data/saods9-8.2+repack/tksao/frame/context.C:2059:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(key,kk);
data/saods9-8.2+repack/tksao/frame/contourparser.C:980:21: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define YYFPRINTF fprintf
data/saods9-8.2+repack/tksao/frame/contourparser.C:1919:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(localColor,globalColor);
data/saods9-8.2+repack/tksao/frame/ds9parser.C:2042:21: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define YYFPRINTF fprintf
data/saods9-8.2+repack/tksao/frame/ds9parser.C:4133:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(localColor,fr->markerColor());
data/saods9-8.2+repack/tksao/frame/ds9parser.C:4135:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(localColor,globalColor);
data/saods9-8.2+repack/tksao/frame/ds9parser.C:4139:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(localFont,globalFont);
data/saods9-8.2+repack/tksao/frame/ds9parser.C:4140:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(localText,globalText);
data/saods9-8.2+repack/tksao/frame/frame3dbase.C:191:11: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (system) {
data/saods9-8.2+repack/tksao/frame/frame3dbase.C:192:15: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (!strncmp(system,"Unknown",7))
data/saods9-8.2+repack/tksao/frame/frame3dbase.C:195:69: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
Tcl_SetVar2(interp,var,varcat(buf,(char*)"wcs",ww,(char*)",sys"),system,0);
data/saods9-8.2+repack/tksao/frame/framebase.C:185:11: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (system) {
data/saods9-8.2+repack/tksao/frame/framebase.C:186:15: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (!strncmp(system,"Unknown",7))
data/saods9-8.2+repack/tksao/frame/framebase.C:189:69: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
Tcl_SetVar2(interp,var,varcat(buf,(char*)"wcs",ww,(char*)",sys"),system,0);
data/saods9-8.2+repack/tksao/frame/grid.h:39:22: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
Coord::CoordSystem system() {return system_;}
data/saods9-8.2+repack/tksao/frame/marker.C:163:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(type_, a.type_);
data/saods9-8.2+repack/tksao/frame/parser.C:4519:21: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define YYFPRINTF fprintf
data/saods9-8.2+repack/tksao/frame/prosparser.C:894:21: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define YYFPRINTF fprintf
data/saods9-8.2+repack/tksao/frame/prosparser.C:1627:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(color, fr->markerColor());
data/saods9-8.2+repack/tksao/frame/ruler.C:454:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buf, distSpec, dist);
data/saods9-8.2+repack/tksao/frame/saoparser.C:806:21: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define YYFPRINTF fprintf
data/saods9-8.2+repack/tksao/frame/saoparser.C:1539:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(color, fr->markerColor());
data/saods9-8.2+repack/tksao/frame/tngparser.C:873:21: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define YYFPRINTF fprintf
data/saods9-8.2+repack/tksao/frame/tngparser.C:1772:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(localColor,fr->markerColor());
data/saods9-8.2+repack/tksao/frame/tngparser.C:1774:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(localColor,globalColor);
data/saods9-8.2+repack/tksao/frame/tngparser.C:1775:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(localText,globalText);
data/saods9-8.2+repack/tksao/frame/xyparser.C:837:21: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define YYFPRINTF fprintf
data/saods9-8.2+repack/tksao/frame/xyparser.C:1570:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(color, fr->markerColor());
data/saods9-8.2+repack/tksao/magnifier/parser.C:664:21: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define YYFPRINTF fprintf
data/saods9-8.2+repack/tksao/panner/parser.C:767:21: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define YYFPRINTF fprintf
data/saods9-8.2+repack/tksao/widget/widget.C:468:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cmd, options->cmdName);
data/saods9-8.2+repack/util/util.C:53:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(copy,str);
data/saods9-8.2+repack/vector/vectorstr.C:21:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(copy,str);
data/saods9-8.2+repack/fitsy/file.C:188:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((env = getenv("DS9_BINKEY"))) {
data/saods9-8.2+repack/fitsy/file.C:201:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((env = getenv("DS9_ARRAY"))) {
data/saods9-8.2+repack/tcliis/iis.c:513:18: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
iis_debug = (getenv("DEBUG_IIS") != (char *)NULL);
data/saods9-8.2+repack/tcliis/iis.c:1456:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("DEBUG_MAPPINGS") != NULL) print_mappings (fr);
data/saods9-8.2+repack/tcliis/util.c:82:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((fname=getenv(FBCONFIG_ENV1)) || (fname=getenv(FBCONFIG_ENV2)))
data/saods9-8.2+repack/tcliis/util.c:82:46: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((fname=getenv(FBCONFIG_ENV1)) || (fname=getenv(FBCONFIG_ENV2)))
data/saods9-8.2+repack/tcliis/util.c:84:22: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (!fp && (fname = getenv ("HOME"))) {
data/saods9-8.2+repack/fitsy/alloc.C:22:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
stream_ = fopen(pName_, "rb");
data/saods9-8.2+repack/fitsy/card.C:26:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(card_, a.card_, FTY_CARDLEN);
data/saods9-8.2+repack/fitsy/card.C:37:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(card_, a.card_, FTY_CARDLEN);
data/saods9-8.2+repack/fitsy/card.C:53:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(card_,str.str().c_str(),str.str().length());
data/saods9-8.2+repack/fitsy/card.C:69:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(card_+8,str.str().c_str(),str.str().length());
data/saods9-8.2+repack/fitsy/card.C:84:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(card_+8,str.str().c_str(),str.str().length());
data/saods9-8.2+repack/fitsy/card.C:100:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(card_+8,str.str().c_str(),str.str().length());
data/saods9-8.2+repack/fitsy/card.C:115:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(card_+8,str.str().c_str(),str.str().length());
data/saods9-8.2+repack/fitsy/card.C:130:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(card_+8,str.str().c_str(),str.str().length());
data/saods9-8.2+repack/fitsy/card.C:142:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(card_+8,str.str().c_str(),str.str().length());
data/saods9-8.2+repack/fitsy/card.C:168:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[FTY_CARDLEN-10+1];
data/saods9-8.2+repack/fitsy/card.C:169:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, card_+10, FTY_CARDLEN-10);
data/saods9-8.2+repack/fitsy/card.C:191:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[FTY_CARDLEN-10+1];
data/saods9-8.2+repack/fitsy/card.C:192:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, card_+10, FTY_CARDLEN-10);
data/saods9-8.2+repack/fitsy/card.C:242:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cpy, card_+8, FTY_CARDLEN-8);
data/saods9-8.2+repack/fitsy/card.C:250:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[FTY_CARDLEN];
data/saods9-8.2+repack/fitsy/card.h:22:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf_[FTY_CARDLEN];
data/saods9-8.2+repack/fitsy/column.C:113:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(keybuf,str.str().c_str(),str.str().length());
data/saods9-8.2+repack/fitsy/column.C:403:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(abuf_,heap+pp,(*cnt)*psize_);
data/saods9-8.2+repack/fitsy/column.C:419:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[4];
data/saods9-8.2+repack/fitsy/column.C:430:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(u.c,p,4);
data/saods9-8.2+repack/fitsy/column.C:445:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[8];
data/saods9-8.2+repack/fitsy/column.C:460:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(u.c,p,8);
data/saods9-8.2+repack/fitsy/column.C:518:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[2];
data/saods9-8.2+repack/fitsy/column.C:548:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[2];
data/saods9-8.2+repack/fitsy/column.C:578:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[4];
data/saods9-8.2+repack/fitsy/column.C:589:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(u.c,p,4);
data/saods9-8.2+repack/fitsy/column.C:608:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[4];
data/saods9-8.2+repack/fitsy/column.C:619:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(u.c,p,4);
data/saods9-8.2+repack/fitsy/column.C:655:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[8];
data/saods9-8.2+repack/fitsy/column.C:670:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(u.c,p,8);
data/saods9-8.2+repack/fitsy/column.C:689:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[4];
data/saods9-8.2+repack/fitsy/column.C:700:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(u.c,p,4);
data/saods9-8.2+repack/fitsy/column.C:719:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[8];
data/saods9-8.2+repack/fitsy/column.C:734:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(u.c,p,8);
data/saods9-8.2+repack/fitsy/column.h:38:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf_[128];
data/saods9-8.2+repack/fitsy/column.h:40:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char keybuf[9];
data/saods9-8.2+repack/fitsy/compress.C:110:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[9];
data/saods9-8.2+repack/fitsy/compress.C:112:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key,ptr,8);
data/saods9-8.2+repack/fitsy/compress.C:422:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char obuf[ocnt*sizeof(T)];
data/saods9-8.2+repack/fitsy/compress.C:512:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[2];
data/saods9-8.2+repack/fitsy/compress.C:526:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[2];
data/saods9-8.2+repack/fitsy/compress.C:540:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[4];
data/saods9-8.2+repack/fitsy/compress.C:556:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[8];
data/saods9-8.2+repack/fitsy/compress.C:576:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[4];
data/saods9-8.2+repack/fitsy/compress.C:592:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[8];
data/saods9-8.2+repack/fitsy/envilex.C:1190:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
envilval->integer = atoi(yytext);
data/saods9-8.2+repack/fitsy/envilex.C:1244:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
envilval->integer = atoi(yytext);
data/saods9-8.2+repack/fitsy/enviparser.C:243:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[ENVIPARSERSIZE];
data/saods9-8.2+repack/fitsy/enviparser.C:1207:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
data/saods9-8.2+repack/fitsy/enviparser.C:1224:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char yyformat[sizeof yyunexpected
data/saods9-8.2+repack/fitsy/enviparser.C:1397:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char yymsgbuf[128];
data/saods9-8.2+repack/fitsy/enviparser.H:168:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[ENVIPARSERSIZE];
data/saods9-8.2+repack/fitsy/gzip.C:139:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(obuf,nbuf,ll);
data/saods9-8.2+repack/fitsy/gzip.C:168:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(obuf,nbuf,ll);
data/saods9-8.2+repack/fitsy/gzip.C:205:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(obuf,nbuf,ll);
data/saods9-8.2+repack/fitsy/gzip.C:232:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[2];
data/saods9-8.2+repack/fitsy/gzip.C:255:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[4];
data/saods9-8.2+repack/fitsy/gzip.C:290:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[8];
data/saods9-8.2+repack/fitsy/hdecompress.c:67:78: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static int dodecode(unsigned char *infile, int a[], int nx, int ny, unsigned char nbitplanes[3]);
data/saods9-8.2+repack/fitsy/hdecompress.c:68:85: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static int dodecode64(unsigned char *infile, LONGLONG a[], int nx, int ny, unsigned char nbitplanes[3]);
data/saods9-8.2+repack/fitsy/hdecompress.c:1039:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char code_magic[2] = { (char)0xDD, (char)0x99 };
data/saods9-8.2+repack/fitsy/hdecompress.c:1052:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char nbitplanes[3];
data/saods9-8.2+repack/fitsy/hdecompress.c:1053:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmagic[2];
data/saods9-8.2+repack/fitsy/hdecompress.c:1100:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char nbitplanes[3];
data/saods9-8.2+repack/fitsy/hdecompress.c:1101:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmagic[2];
data/saods9-8.2+repack/fitsy/hdecompress.c:1155:67: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
dodecode(unsigned char *infile, int a[], int nx, int ny, unsigned char nbitplanes[3])
data/saods9-8.2+repack/fitsy/hdecompress.c:1214:74: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
dodecode64(unsigned char *infile, LONGLONG a[], int nx, int ny, unsigned char nbitplanes[3])
data/saods9-8.2+repack/fitsy/hdecompress.c:2410:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char b[4];
data/saods9-8.2+repack/fitsy/hdecompress.c:2432:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char b[8];
data/saods9-8.2+repack/fitsy/hdecompress.c:2457:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, &file[nextchar], n);
data/saods9-8.2+repack/fitsy/hdu.C:69:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(keybuf,str.str().c_str(),str.str().length());
data/saods9-8.2+repack/fitsy/hdu.h:33:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char keybuf[9];
data/saods9-8.2+repack/fitsy/head.C:92:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cards_, "END", 3);
data/saods9-8.2+repack/fitsy/head.C:130:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cards_, "END", 3);
data/saods9-8.2+repack/fitsy/head.C:433:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cards_, old, oldsz);
data/saods9-8.2+repack/fitsy/head.C:558:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char k[8];
data/saods9-8.2+repack/fitsy/head.C:579:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char k[8];
data/saods9-8.2+repack/fitsy/hist.C:267:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[9];
data/saods9-8.2+repack/fitsy/hist.C:432:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[4];
data/saods9-8.2+repack/fitsy/hist.C:625:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char w[2];
data/saods9-8.2+repack/fitsy/hpx.C:259:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest+fpixel-1, row, nside*sizeof(float));
data/saods9-8.2+repack/fitsy/hpx.C:572:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[4];
data/saods9-8.2+repack/fitsy/iis.C:55:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dptr, sptr, ww);
data/saods9-8.2+repack/fitsy/iis.C:75:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dptr, sptr, ww);
data/saods9-8.2+repack/fitsy/lex.C:959:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
fflval->integer = atoi(yytext);
data/saods9-8.2+repack/fitsy/lex.C:1018:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
fflval->integer = atoi(yytext);
data/saods9-8.2+repack/fitsy/map.C:500:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/saods9-8.2+repack/fitsy/mapincr.C:58:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(pName_, O_RDONLY);
data/saods9-8.2+repack/fitsy/mapincr.C:81:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(pName_, O_RDONLY);
data/saods9-8.2+repack/fitsy/mapincr.C:126:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(pName_, O_RDONLY);
data/saods9-8.2+repack/fitsy/mapincr.C:193:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(pName_, O_RDONLY);
data/saods9-8.2+repack/fitsy/mapincr.C:229:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(pName_, O_RDONLY);
data/saods9-8.2+repack/fitsy/mapincr.C:639:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(pName_, O_RDONLY);
data/saods9-8.2+repack/fitsy/mmap.C:29:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int file = open(pName_, O_RDONLY);
data/saods9-8.2+repack/fitsy/mmapincr.C:29:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(pName_, O_RDONLY);
data/saods9-8.2+repack/fitsy/nrrdlex.C:1467:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nrrdlval->integer = atoi(yytext);
data/saods9-8.2+repack/fitsy/nrrdparser.C:322:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[NRRDPARSERSIZE];
data/saods9-8.2+repack/fitsy/nrrdparser.C:1371:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
data/saods9-8.2+repack/fitsy/nrrdparser.C:1388:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char yyformat[sizeof yyunexpected
data/saods9-8.2+repack/fitsy/nrrdparser.C:1561:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char yymsgbuf[128];
data/saods9-8.2+repack/fitsy/nrrdparser.H:248:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[NRRDPARSERSIZE];
data/saods9-8.2+repack/fitsy/outfile.C:10:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd_ = fopen(fn, "wb")))
data/saods9-8.2+repack/fitsy/outfits.C:32:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, where+rr, r);
data/saods9-8.2+repack/fitsy/outsocket.C:65:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char header[10] =
data/saods9-8.2+repack/fitsy/parser.C:168:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ff_filter[512];
data/saods9-8.2+repack/fitsy/parser.C:198:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[256];
data/saods9-8.2+repack/fitsy/parser.C:1205:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
data/saods9-8.2+repack/fitsy/parser.C:1222:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char yyformat[sizeof yyunexpected
data/saods9-8.2+repack/fitsy/parser.C:1395:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char yymsgbuf[128];
data/saods9-8.2+repack/fitsy/parser.H:121:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[256];
data/saods9-8.2+repack/fitsy/plio.C:53:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[2];
data/saods9-8.2+repack/fitsy/savefits.C:21:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[FTY_BLOCK];
data/saods9-8.2+repack/fitsy/savefits.C:26:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hdu,"SIMPLE = ",10);
data/saods9-8.2+repack/fitsy/savefits.C:27:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hdu+32-3,"T /",3);
data/saods9-8.2+repack/fitsy/savefits.C:30:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hdu,"BITPIX = ",10);
data/saods9-8.2+repack/fitsy/savefits.C:31:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hdu+32-3,"8 /",3);
data/saods9-8.2+repack/fitsy/savefits.C:34:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hdu,"NAXIS = ",10);
data/saods9-8.2+repack/fitsy/savefits.C:35:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hdu+32-3,"0 /",3);
data/saods9-8.2+repack/fitsy/savefits.C:38:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hdu,"END",3);
data/saods9-8.2+repack/fitsy/savefits.C:46:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[FTY_CARDLEN];
data/saods9-8.2+repack/fitsy/savefits.C:55:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf,"BITPIX = ",10);
data/saods9-8.2+repack/fitsy/savefits.C:56:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+32-4,"32 /",4);
data/saods9-8.2+repack/fitsy/savefits.C:61:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf,"NAXIS = ",10);
data/saods9-8.2+repack/fitsy/savefits.C:63:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+32-3,"3 /",3);
data/saods9-8.2+repack/fitsy/savefits.C:66:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+32-3,"2 /",3);
data/saods9-8.2+repack/fitsy/savefits.C:68:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+32-3,"1 /",3);
data/saods9-8.2+repack/fitsy/savefits.C:81:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf,"NAXIS3 = ",10);
data/saods9-8.2+repack/fitsy/savefits.C:82:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+32-ll, ddptr, ll);
data/saods9-8.2+repack/fitsy/savefits.C:142:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf,"END",3);
data/saods9-8.2+repack/fitsy/savefits.C:152:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[FTY_CARDLEN];
data/saods9-8.2+repack/fitsy/savefits.C:155:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf,"SIMPLE = ",10);
data/saods9-8.2+repack/fitsy/savefits.C:156:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+32-3,"T /",3);
data/saods9-8.2+repack/fitsy/savefits.C:172:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[FTY_CARDLEN];
data/saods9-8.2+repack/fitsy/savefits.C:175:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf,"XTENSION= 'IMAGE '",20);
data/saods9-8.2+repack/fitsy/savefits.C:236:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[FTY_BLOCK];
data/saods9-8.2+repack/fitsy/savefits.C:291:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[FTY_CARDLEN];
data/saods9-8.2+repack/fitsy/savefits.C:298:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf,"BITPIX = ",10);
data/saods9-8.2+repack/fitsy/savefits.C:299:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+32-4,"-32 /",5);
data/saods9-8.2+repack/fitsy/smmap.C:24:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int file = open(hdr, O_RDONLY);
data/saods9-8.2+repack/fitsy/smmap.C:62:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int file = open(pName_, O_RDONLY);
data/saods9-8.2+repack/fitsy/socketgz.C:61:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[128];
data/saods9-8.2+repack/fitsy/strm.C:99:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(where,stream_->header,2);
data/saods9-8.2+repack/fitsy/strm.C:273:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, cards, numblks*FTY_BLOCK);
data/saods9-8.2+repack/fitsy/strm.C:334:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char block[FTY_BLOCK];
data/saods9-8.2+repack/fitsy/strm.C:348:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char block[FTY_BLOCK];
data/saods9-8.2+repack/fitsy/strm.C:355:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char block[FTY_BLOCK];
data/saods9-8.2+repack/fitsy/strm.C:823:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/saods9-8.2+repack/fitsy/strm.h:15:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char header[2];
data/saods9-8.2+repack/fitsy/var.C:31:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bytes[4]; /* The array of bytes. The actual size of
data/saods9-8.2+repack/tclfitsy/tclfitsy.C:60:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return fitsy->open(argc, argv);
data/saods9-8.2+repack/tclfitsy/tclfitsy.C:185:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int TclFITSY::open(int argc, const char* argv[])
data/saods9-8.2+repack/tclfitsy/tclfitsy.C:228:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lptr, cptr, FTY_CARDLEN);
data/saods9-8.2+repack/tclfitsy/tclfitsy.h:26:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int open(int, const char*[]);
data/saods9-8.2+repack/tcliis/iis.c:222:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((datain = open (xim->input_fifo, O_RDONLY|O_NDELAY)) != -1) {
data/saods9-8.2+repack/tcliis/iis.c:223:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((dataout = open (xim->input_fifo, O_WRONLY|O_NDELAY)) != -1)
data/saods9-8.2+repack/tcliis/iis.c:234:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((datain = open (xim->output_fifo, O_RDONLY|O_NDELAY)) == -1)
data/saods9-8.2+repack/tcliis/iis.c:243:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
keepalive = open (xim->output_fifo, O_WRONLY);
data/saods9-8.2+repack/tcliis/iis.c:260:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (xim->input_fifo, "none");
data/saods9-8.2+repack/tcliis/iis.c:359:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[256];
data/saods9-8.2+repack/tcliis/iis.c:413:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (xim->unixaddr, "none");
data/saods9-8.2+repack/tcliis/iis.c:507:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[SZ_FIFOBUF];
data/saods9-8.2+repack/tcliis/iis.c:593:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "uncache %d", mp->id);
data/saods9-8.2+repack/tcliis/iis.c:664:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *ip, iobuf[SZ_IOBUF];
data/saods9-8.2+repack/tcliis/iis.c:707:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *op, iobuf[SZ_IOBUF];
data/saods9-8.2+repack/tcliis/iis.c:763:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char emsg[SZ_WCSBUF];
data/saods9-8.2+repack/tcliis/iis.c:775:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (text=emsg, "version=%d", IIS_VERSION);
data/saods9-8.2+repack/tcliis/iis.c:812:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wcs[SZ_WCSBUF], mapping[SZ_WCSBUF];
data/saods9-8.2+repack/tcliis/iis.c:824:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (text=emsg, "[NOSUCHWCS]\n");
data/saods9-8.2+repack/tcliis/iis.c:1070:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char curval[SZ_IMCURVAL];
data/saods9-8.2+repack/tcliis/iis.c:1071:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char keystr[20];
data/saods9-8.2+repack/tcliis/iis.c:1114:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (curval, "EOF\n");
data/saods9-8.2+repack/tcliis/iis.c:1120:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (keystr, "\\%03o", key);
data/saods9-8.2+repack/tcliis/iis.c:1147:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[SZ_LINE];
data/saods9-8.2+repack/tcliis/iis.c:1182:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "wcstran %d %g %g\n", mp->id, wx, wy);
data/saods9-8.2+repack/tcliis/iis.c:1307:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024], *format;
data/saods9-8.2+repack/tcliis/iis.c:1381:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[SZ_WCSBUF];
data/saods9-8.2+repack/tcliis/iis.c:1442:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "wcslist %d", mp->id);
data/saods9-8.2+repack/tcliis/iis.c:1448:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "orient %d %d %d %d",
data/saods9-8.2+repack/tcliis/iistcl.C:71:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return iis->open(argc, argv);
data/saods9-8.2+repack/tcliis/iistcl.C:283:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int IIS::open(int argc, const char* argv[])
data/saods9-8.2+repack/tcliis/iistcl.C:384:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[SZ_LINE];
data/saods9-8.2+repack/tcliis/iistcl.h:36:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int open(int, const char*[]);
data/saods9-8.2+repack/tcliis/util.c:52:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lbuf[SZ_LINE+1], *fname;
data/saods9-8.2+repack/tcliis/util.c:83:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen (fname, "r");
data/saods9-8.2+repack/tcliis/util.c:86:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen (fname = lbuf, "r");
data/saods9-8.2+repack/tcliis/util.c:95:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen (fname = xim->imtoolrc, "r");
data/saods9-8.2+repack/tcliis/util.c:97:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (fname = fb_paths[i], "r"))) {
data/saods9-8.2+repack/tcliis/ximtool.h:86:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format[32]; /* wcs output format */
data/saods9-8.2+repack/tcliis/ximtool.h:87:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char imtitle[SZ_IMTITLE+1]; /* image title from WCS */
data/saods9-8.2+repack/tcliis/ximtool.h:94:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ref[SZ_FNAME+1]; /* image reference from WCS */
data/saods9-8.2+repack/tcliis/ximtool.h:96:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char region[SZ_FNAME+1]; /* region name from WCS */
data/saods9-8.2+repack/tcliis/ximtool.h:117:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[SZ_LABEL+1]; /* frame label string */
data/saods9-8.2+repack/tcliis/ximtool.h:119:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wcsbuf[SZ_WCSBUF]; /* wcs info string */
data/saods9-8.2+repack/tcliis/ximtool.h:135:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[SZ_CMAPNAME+1]; /* colormap name */
data/saods9-8.2+repack/tcliis/ximtool.h:157:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[SZ_FNAME+1]; /* for unix sockets */
data/saods9-8.2+repack/tcliis/ximtool.h:175:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[SZ_FNAME+1]; /* client name */
data/saods9-8.2+repack/tcliis/ximtool.h:176:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[SZ_FNAME+1]; /* for unix sockets */
data/saods9-8.2+repack/tcliis/ximtool.h:177:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgbuf[SZ_ISMBUF+1]; /* incomplete message buffer */
data/saods9-8.2+repack/tcliis/ximtool.h:185:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[SZ_FNAME]; /* name of the module */
data/saods9-8.2+repack/tcliis/ximtool.h:186:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[SZ_LINE]; /* cmd to execute for module */
data/saods9-8.2+repack/tcliis/ximtool.h:198:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char printerName[SZ_FNAME+1]; /* printer name */
data/saods9-8.2+repack/tcliis/ximtool.h:199:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char printCmd[SZ_FNAME+1]; /* printer dispose command */
data/saods9-8.2+repack/tcliis/ximtool.h:208:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char printFile[SZ_FNAME+1]; /* disk filename template */
data/saods9-8.2+repack/tcliis/ximtool.h:209:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char printCmd[SZ_FNAME+1]; /* dispose command */
data/saods9-8.2+repack/tcliis/ximtool.h:218:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[SZ_FNAME+1]; /* save filename */
data/saods9-8.2+repack/tcliis/ximtool.h:240:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char curdir[SZ_FNAME+1]; /* current directory */
data/saods9-8.2+repack/tcliis/ximtool.h:241:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char homedir[SZ_FNAME+1]; /* home directory */
data/saods9-8.2+repack/tcliis/ximtool.h:242:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pattern[SZ_NAME+1]; /* file pattern to match */
data/saods9-8.2+repack/tksao/colorbar/colorbar.C:542:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char color[32];
data/saods9-8.2+repack/tksao/colorbar/colorbar.C:747:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char color[32];
data/saods9-8.2+repack/tksao/colorbar/colorbarrgbtruecolor16.C:153:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char row[xmap->bytes_per_line];
data/saods9-8.2+repack/tksao/colorbar/colorbarrgbtruecolor16.C:160:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(row+ii*2, &a, 2);
data/saods9-8.2+repack/tksao/colorbar/colorbarrgbtruecolor16.C:163:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data+(jj*xmap->bytes_per_line), row, xmap->bytes_per_line);
data/saods9-8.2+repack/tksao/colorbar/colorbarrgbtruecolor16.C:170:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(row+ii*2, &a, 2);
data/saods9-8.2+repack/tksao/colorbar/colorbarrgbtruecolor16.C:173:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data+(jj*xmap->bytes_per_line), row, xmap->bytes_per_line);
data/saods9-8.2+repack/tksao/colorbar/colorbarrgbtruecolor16.C:180:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(row+ii*2, &a, 2);
data/saods9-8.2+repack/tksao/colorbar/colorbarrgbtruecolor16.C:183:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data+(jj*xmap->bytes_per_line), row, xmap->bytes_per_line);
data/saods9-8.2+repack/tksao/colorbar/colorbarrgbtruecolor16.C:197:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data+(jj*xmap->bytes_per_line), row, xmap->bytes_per_line);
data/saods9-8.2+repack/tksao/colorbar/colorbarrgbtruecolor16.C:209:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data+(jj*xmap->bytes_per_line), row, xmap->bytes_per_line);
data/saods9-8.2+repack/tksao/colorbar/colorbarrgbtruecolor16.C:221:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data+(jj*xmap->bytes_per_line), row, xmap->bytes_per_line);
data/saods9-8.2+repack/tksao/colorbar/colorbarrgbtruecolor16.C:241:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data+ii*2, &a, 2);
data/saods9-8.2+repack/tksao/colorbar/colorbarrgbtruecolor16.C:250:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data+ii*2, &a, 2);
data/saods9-8.2+repack/tksao/colorbar/colorbarrgbtruecolor16.C:259:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data+ii*2, &a, 2);
data/saods9-8.2+repack/tksao/colorbar/colorbarrgbtruecolor24.C:186:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char row[xmap->bytes_per_line];
data/saods9-8.2+repack/tksao/colorbar/colorbarrgbtruecolor24.C:193:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(row+ii*3, &a, 3);
data/saods9-8.2+repack/tksao/colorbar/colorbarrgbtruecolor24.C:196:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data+(jj*xmap->bytes_per_line), row, xmap->bytes_per_line);
data/saods9-8.2+repack/tksao/colorbar/colorbarrgbtruecolor24.C:203:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(row+ii*3, &a, 3);
data/saods9-8.2+repack/tksao/colorbar/colorbarrgbtruecolor24.C:206:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data+(jj*xmap->bytes_per_line), row, xmap->bytes_per_line);
data/saods9-8.2+repack/tksao/colorbar/colorbarrgbtruecolor24.C:213:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(row+ii*3, &a, 3);
data/saods9-8.2+repack/tksao/colorbar/colorbarrgbtruecolor24.C:216:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data+(jj*xmap->bytes_per_line), row, xmap->bytes_per_line);
data/saods9-8.2+repack/tksao/colorbar/colorbarrgbtruecolor24.C:231:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data+(jj*xmap->bytes_per_line), row, xmap->bytes_per_line);
data/saods9-8.2+repack/tksao/colorbar/colorbarrgbtruecolor24.C:244:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data+(jj*xmap->bytes_per_line), row, xmap->bytes_per_line);
data/saods9-8.2+repack/tksao/colorbar/colorbarrgbtruecolor24.C:257:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data+(jj*xmap->bytes_per_line), row, xmap->bytes_per_line);
data/saods9-8.2+repack/tksao/colorbar/colorbarrgbtruecolor24.C:274:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data+ii*3, &a, 3);
data/saods9-8.2+repack/tksao/colorbar/colorbarrgbtruecolor24.C:283:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data+ii*3, &a, 3);
data/saods9-8.2+repack/tksao/colorbar/colorbarrgbtruecolor24.C:292:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data+ii*3, &a, 3);
data/saods9-8.2+repack/tksao/colorbar/colorbarrgbtruecolor24.C:345:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char row[xmap->bytes_per_line];
data/saods9-8.2+repack/tksao/colorbar/colorbarrgbtruecolor24.C:356:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(row+ii*4, &a, 4);
data/saods9-8.2+repack/tksao/colorbar/colorbarrgbtruecolor24.C:359:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data+(jj*xmap->bytes_per_line), row, xmap->bytes_per_line);
data/saods9-8.2+repack/tksao/colorbar/colorbarrgbtruecolor24.C:369:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(row+ii*4, &a, 4);
data/saods9-8.2+repack/tksao/colorbar/colorbarrgbtruecolor24.C:372:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data+(jj*xmap->bytes_per_line), row, xmap->bytes_per_line);
data/saods9-8.2+repack/tksao/colorbar/colorbarrgbtruecolor24.C:382:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(row+ii*4, &a, 4);
data/saods9-8.2+repack/tksao/colorbar/colorbarrgbtruecolor24.C:385:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data+(jj*xmap->bytes_per_line), row, xmap->bytes_per_line);
data/saods9-8.2+repack/tksao/colorbar/colorbarrgbtruecolor24.C:404:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data+(j*xmap->bytes_per_line), row, xmap->bytes_per_line);
data/saods9-8.2+repack/tksao/colorbar/colorbarrgbtruecolor24.C:421:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data+(j*xmap->bytes_per_line), row, xmap->bytes_per_line);
data/saods9-8.2+repack/tksao/colorbar/colorbarrgbtruecolor24.C:438:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data+(j*xmap->bytes_per_line), row, xmap->bytes_per_line);
data/saods9-8.2+repack/tksao/colorbar/colorbarrgbtruecolor24.C:458:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data+ii*4, &a, 4);
data/saods9-8.2+repack/tksao/colorbar/colorbarrgbtruecolor24.C:470:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data+ii*4, &a, 4);
data/saods9-8.2+repack/tksao/colorbar/colorbarrgbtruecolor24.C:482:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data+ii*4, &a, 4);
data/saods9-8.2+repack/tksao/colorbar/colorbarrgbtruecolor8.C:150:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char row[xmap->bytes_per_line];
data/saods9-8.2+repack/tksao/colorbar/colorbarrgbtruecolor8.C:158:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data+(jj*xmap->bytes_per_line), row, xmap->bytes_per_line);
data/saods9-8.2+repack/tksao/colorbar/colorbarrgbtruecolor8.C:166:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data+(jj*xmap->bytes_per_line), row, xmap->bytes_per_line);
data/saods9-8.2+repack/tksao/colorbar/colorbarrgbtruecolor8.C:174:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data+(jj*xmap->bytes_per_line), row, xmap->bytes_per_line);
data/saods9-8.2+repack/tksao/colorbar/colorbartruecolor16.C:162:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data+ii*2, &a, 2);
data/saods9-8.2+repack/tksao/colorbar/colorbartruecolor16.C:183:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data+(jj*xmap->bytes_per_line), data, xmap->bytes_per_line);
data/saods9-8.2+repack/tksao/colorbar/colorbartruecolor16.C:204:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data+ii*2, &a, 2);
data/saods9-8.2+repack/tksao/colorbar/colorbartruecolor24.C:195:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data+ii*3, &a, 3);
data/saods9-8.2+repack/tksao/colorbar/colorbartruecolor24.C:217:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data+(jj*xmap->bytes_per_line), data, xmap->bytes_per_line);
data/saods9-8.2+repack/tksao/colorbar/colorbartruecolor24.C:234:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data+ii*3, &a, 3);
data/saods9-8.2+repack/tksao/colorbar/colorbartruecolor24.C:273:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data+ii*4, &a, 4);
data/saods9-8.2+repack/tksao/colorbar/colorbartruecolor24.C:299:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data+(jj*xmap->bytes_per_line), data, xmap->bytes_per_line);
data/saods9-8.2+repack/tksao/colorbar/colorbartruecolor24.C:319:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data+ii*4, &a, 4);
data/saods9-8.2+repack/tksao/colorbar/colorbartruecolor8.C:160:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data+(jj*xmap->bytes_per_line), data, xmap->bytes_per_line);
data/saods9-8.2+repack/tksao/colorbar/lex.C:1118:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cblval->integer = atoi(yytext);
data/saods9-8.2+repack/tksao/colorbar/lut.C:79:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, ccmd, len);
data/saods9-8.2+repack/tksao/colorbar/lutlex.C:721:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rgblval->integer = atoi(yytext);
data/saods9-8.2+repack/tksao/colorbar/lutparser.C:150:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[LUTBUFSIZE];
data/saods9-8.2+repack/tksao/colorbar/lutparser.C:955:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
data/saods9-8.2+repack/tksao/colorbar/lutparser.C:972:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char yyformat[sizeof yyunexpected
data/saods9-8.2+repack/tksao/colorbar/lutparser.C:1145:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char yymsgbuf[128];
data/saods9-8.2+repack/tksao/colorbar/lutparser.H:76:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[LUTBUFSIZE];
data/saods9-8.2+repack/tksao/colorbar/parser.C:240:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[CBBUFSIZE];
data/saods9-8.2+repack/tksao/colorbar/parser.C:1180:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
data/saods9-8.2+repack/tksao/colorbar/parser.C:1197:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char yyformat[sizeof yyunexpected
data/saods9-8.2+repack/tksao/colorbar/parser.C:1370:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char yymsgbuf[128];
data/saods9-8.2+repack/tksao/colorbar/parser.H:170:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[CBBUFSIZE];
data/saods9-8.2+repack/tksao/colorbar/sao.C:88:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, ccmd, len);
data/saods9-8.2+repack/tksao/colorbar/saolex.C:781:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
lilval->integer = atoi(yytext);
data/saods9-8.2+repack/tksao/colorbar/saoparser.C:160:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[SAOBUFSIZE];
data/saods9-8.2+repack/tksao/colorbar/saoparser.C:982:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
data/saods9-8.2+repack/tksao/colorbar/saoparser.C:999:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char yyformat[sizeof yyunexpected
data/saods9-8.2+repack/tksao/colorbar/saoparser.C:1172:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char yymsgbuf[128];
data/saods9-8.2+repack/tksao/colorbar/saoparser.H:86:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[SAOBUFSIZE];
data/saods9-8.2+repack/tksao/frame/annulus.C:19:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(type_, "annulus");
data/saods9-8.2+repack/tksao/frame/annulus.C:41:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(type_, "annulus");
data/saods9-8.2+repack/tksao/frame/annulus.C:62:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(type_, "annulus");
data/saods9-8.2+repack/tksao/frame/base.C:599:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/saods9-8.2+repack/tksao/frame/base.C:1781:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dl[2];
data/saods9-8.2+repack/tksao/frame/base.h:195:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pannerName[32]; // panner widget name
data/saods9-8.2+repack/tksao/frame/base.h:203:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char magnifierName[32]; // magnifer widget name
data/saods9-8.2+repack/tksao/frame/basecommand.C:730:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, ccmd, len);
data/saods9-8.2+repack/tksao/frame/basecommand.C:758:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, ccmd, len);
data/saods9-8.2+repack/tksao/frame/box.C:21:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(type_,"box");
data/saods9-8.2+repack/tksao/frame/box.C:41:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(type_,"box");
data/saods9-8.2+repack/tksao/frame/boxannulus.C:21:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(type_,"boxannulus");
data/saods9-8.2+repack/tksao/frame/boxannulus.C:38:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(type_,"boxannulus");
data/saods9-8.2+repack/tksao/frame/boxannulus.C:59:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(type_,"boxannulus");
data/saods9-8.2+repack/tksao/frame/boxannulus.C:81:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(type_, "boxannulus");
data/saods9-8.2+repack/tksao/frame/bpanda.C:26:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(type_, "bpanda");
data/saods9-8.2+repack/tksao/frame/bpanda.C:54:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(type_, "bpanda");
data/saods9-8.2+repack/tksao/frame/callback.h:26:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char proc_[64];
data/saods9-8.2+repack/tksao/frame/callback.h:27:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char arg_[64];
data/saods9-8.2+repack/tksao/frame/ciaolex.C:839:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ciaolval->integer = atoi(yytext);
data/saods9-8.2+repack/tksao/frame/ciaoparser.C:156:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char color[32];
data/saods9-8.2+repack/tksao/frame/ciaoparser.C:195:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[CIAOBUFSIZE];
data/saods9-8.2+repack/tksao/frame/ciaoparser.C:1105:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
data/saods9-8.2+repack/tksao/frame/ciaoparser.C:1122:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char yyformat[sizeof yyunexpected
data/saods9-8.2+repack/tksao/frame/ciaoparser.C:1295:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char yymsgbuf[128];
data/saods9-8.2+repack/tksao/frame/ciaoparser.C:1535:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(color, "green");
data/saods9-8.2+repack/tksao/frame/ciaoparser.H:106:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[CIAOBUFSIZE];
data/saods9-8.2+repack/tksao/frame/circle.C:21:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(type_, "circle");
data/saods9-8.2+repack/tksao/frame/circle.C:40:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(type_, "circle");
data/saods9-8.2+repack/tksao/frame/colorscale.C:29:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(psColors_+ii*3, colorCells+ll*3,3);
data/saods9-8.2+repack/tksao/frame/colorscale.C:42:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(psColors_+ii*3, colorCells+ll*3, 3);
data/saods9-8.2+repack/tksao/frame/colorscale.C:55:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(psColors_+ii*3, colorCells+ll*3, 3);
data/saods9-8.2+repack/tksao/frame/colorscale.C:65:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(psColors_+ii*3, colorCells+ll*3,3);
data/saods9-8.2+repack/tksao/frame/colorscale.C:75:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(psColors_+ii*3, colorCells+ll*3,3);
data/saods9-8.2+repack/tksao/frame/colorscale.C:88:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(psColors_+ii*3, colorCells+ll*3,3);
data/saods9-8.2+repack/tksao/frame/colorscale.C:101:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(psColors_+ii*3, colorCells+ll*3,3);
data/saods9-8.2+repack/tksao/frame/colorscale.C:114:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(psColors_+ii*3, colorCells+ll*3,3);
data/saods9-8.2+repack/tksao/frame/colorscale.C:120:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(psColors_+ii*3, colorCells+ll*3,3);
data/saods9-8.2+repack/tksao/frame/colorscale.C:131:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(psColors_+ii*3, colorCells+ll*3,3);
data/saods9-8.2+repack/tksao/frame/colorscalergb.C:31:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(psColors_+ii, colorCells+ll*3+jj,1);
data/saods9-8.2+repack/tksao/frame/colorscalergb.C:45:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(psColors_+ii, colorCells+ll*3+jj,1);
data/saods9-8.2+repack/tksao/frame/colorscalergb.C:59:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(psColors_+ii, colorCells+ll*3+jj,1);
data/saods9-8.2+repack/tksao/frame/colorscalergb.C:69:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(psColors_+ii, colorCells+ll*3+jj,1);
data/saods9-8.2+repack/tksao/frame/colorscalergb.C:80:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(psColors_+ii, colorCells+ll*3+jj,1);
data/saods9-8.2+repack/tksao/frame/colorscalergb.C:91:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(psColors_+ii, colorCells+ll*3+jj,1);
data/saods9-8.2+repack/tksao/frame/colorscalergb.C:102:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(psColors_+ii, colorCells+ll*3+jj,1);
data/saods9-8.2+repack/tksao/frame/colorscalergb.C:115:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(psColors_+ii, colorCells+ll*3+jj,1);
data/saods9-8.2+repack/tksao/frame/colorscalergb.C:121:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(psColors_+ii, colorCells+ll*3+jj,1);
data/saods9-8.2+repack/tksao/frame/colorscaletrue16.C:24:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(colors_+i*2, &a, 2);
data/saods9-8.2+repack/tksao/frame/colorscaletrue24.C:24:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(colors_+i*3, &a, 3);
data/saods9-8.2+repack/tksao/frame/colorscaletrue32.C:26:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(colors_+i*4, &a, 4);
data/saods9-8.2+repack/tksao/frame/compass.C:43:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(type_,"compass");
data/saods9-8.2+repack/tksao/frame/composite.C:22:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(type_, "composite");
data/saods9-8.2+repack/tksao/frame/context.C:1677:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, sjv[kk]+(jj*ww)*bz, ww*bz);
data/saods9-8.2+repack/tksao/frame/context.C:1702:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, sjv[kk]+(jj*ww+ii)*bz, bz);
data/saods9-8.2+repack/tksao/frame/context.C:1722:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, sjv[kk]+(jj*ww+ii)*bz, bz);
data/saods9-8.2+repack/tksao/frame/context.C:1742:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, sjv[kk]+(jj*ww+ii)*bz, bz);
data/saods9-8.2+repack/tksao/frame/context.C:1762:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, sjv[kk]+(jj*ww+ii)*bz, bz);
data/saods9-8.2+repack/tksao/frame/context.C:1958:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[8];
data/saods9-8.2+repack/tksao/frame/context.C:2058:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[8];
data/saods9-8.2+repack/tksao/frame/contour.C:193:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dl[2];
data/saods9-8.2+repack/tksao/frame/contourlex.C:1302:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ctlval->integer = atoi(yytext);
data/saods9-8.2+repack/tksao/frame/contourparser.C:250:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char globalColor[16];
data/saods9-8.2+repack/tksao/frame/contourparser.C:251:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char localColor[16];
data/saods9-8.2+repack/tksao/frame/contourparser.C:289:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[CTBUFSIZE];
data/saods9-8.2+repack/tksao/frame/contourparser.C:1285:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
data/saods9-8.2+repack/tksao/frame/contourparser.C:1302:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char yyformat[sizeof yyunexpected
data/saods9-8.2+repack/tksao/frame/contourparser.C:1475:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char yymsgbuf[128];
data/saods9-8.2+repack/tksao/frame/contourparser.C:1908:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(globalColor,"green");
data/saods9-8.2+repack/tksao/frame/contourparser.H:188:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[CTBUFSIZE];
data/saods9-8.2+repack/tksao/frame/coord.C:63:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int degree = atoi(strtok(ptr,":"));
data/saods9-8.2+repack/tksao/frame/coord.C:64:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int minute = atoi(strtok(NULL,":"));
data/saods9-8.2+repack/tksao/frame/coord.C:84:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int hour = atoi(strtok(ptr,"h"));
data/saods9-8.2+repack/tksao/frame/coord.C:85:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int minute = atoi(strtok(NULL,"m"));
data/saods9-8.2+repack/tksao/frame/coord.C:105:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int degree = atoi(strtok(ptr,"d"));
data/saods9-8.2+repack/tksao/frame/coord.C:106:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int minute = atoi(strtok(NULL,"m"));
data/saods9-8.2+repack/tksao/frame/cpanda.C:27:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(type_, "panda");
data/saods9-8.2+repack/tksao/frame/cpanda.C:54:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(type_, "panda");
data/saods9-8.2+repack/tksao/frame/ds9lex.C:2309:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mklval->integer = atoi(yytext);
data/saods9-8.2+repack/tksao/frame/ds9parser.C:375:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char globalColor[32];
data/saods9-8.2+repack/tksao/frame/ds9parser.C:376:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char localColor[32];
data/saods9-8.2+repack/tksao/frame/ds9parser.C:378:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char globalFont[32];
data/saods9-8.2+repack/tksao/frame/ds9parser.C:379:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char localFont[32];
data/saods9-8.2+repack/tksao/frame/ds9parser.C:381:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char globalText[80];
data/saods9-8.2+repack/tksao/frame/ds9parser.C:382:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char localText[80];
data/saods9-8.2+repack/tksao/frame/ds9parser.C:384:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char localComment[80];
data/saods9-8.2+repack/tksao/frame/ds9parser.C:418:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char globalRulerDistSpec[32];
data/saods9-8.2+repack/tksao/frame/ds9parser.C:419:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char localRulerDistSpec[32];
data/saods9-8.2+repack/tksao/frame/ds9parser.C:423:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char globalCompassNorth[80];
data/saods9-8.2+repack/tksao/frame/ds9parser.C:424:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char globalCompassEast[80];
data/saods9-8.2+repack/tksao/frame/ds9parser.C:429:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char localCompassNorth[80];
data/saods9-8.2+repack/tksao/frame/ds9parser.C:430:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char localCompassEast[80];
data/saods9-8.2+repack/tksao/frame/ds9parser.C:453:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char aColor[16];
data/saods9-8.2+repack/tksao/frame/ds9parser.C:456:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char aFont[32];
data/saods9-8.2+repack/tksao/frame/ds9parser.C:457:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char aText[80];
data/saods9-8.2+repack/tksao/frame/ds9parser.C:458:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char aComment[80];
data/saods9-8.2+repack/tksao/frame/ds9parser.C:490:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[MKBUFSIZE];
data/saods9-8.2+repack/tksao/frame/ds9parser.C:2347:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
data/saods9-8.2+repack/tksao/frame/ds9parser.C:2364:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char yyformat[sizeof yyunexpected
data/saods9-8.2+repack/tksao/frame/ds9parser.C:2537:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char yymsgbuf[128];
data/saods9-8.2+repack/tksao/frame/ds9parser.C:3798:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(globalColor,"green");
data/saods9-8.2+repack/tksao/frame/ds9parser.C:3802:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(globalFont,"helvetica 10 normal roman");
data/saods9-8.2+repack/tksao/frame/ds9parser.H:304:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[MKBUFSIZE];
data/saods9-8.2+repack/tksao/frame/ellipse.C:22:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(type_,"ellipse");
data/saods9-8.2+repack/tksao/frame/ellipse.C:41:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(type_,"ellipse");
data/saods9-8.2+repack/tksao/frame/ellipseannulus.C:22:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(type_,"ellipseannulus");
data/saods9-8.2+repack/tksao/frame/ellipseannulus.C:39:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(type_, "ellipseannulus");
data/saods9-8.2+repack/tksao/frame/ellipseannulus.C:60:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(type_, "ellipseannulus");
data/saods9-8.2+repack/tksao/frame/ellipseannulus.C:82:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(type_, "ellipseannulus");
data/saods9-8.2+repack/tksao/frame/epanda.C:26:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(type_, "epanda");
data/saods9-8.2+repack/tksao/frame/epanda.C:54:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(type_, "epanda");
data/saods9-8.2+repack/tksao/frame/fitsdata.C:136:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf_,str.str().c_str(),str.str().length());
data/saods9-8.2+repack/tksao/frame/fitsdata.C:144:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf_,str.str().c_str(),str.str().length());
data/saods9-8.2+repack/tksao/frame/fitsdata.C:222:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf_,str.str().c_str(),str.str().length());
data/saods9-8.2+repack/tksao/frame/fitsdata.C:230:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf_,str.str().c_str(),str.str().length());
data/saods9-8.2+repack/tksao/frame/fitsdata.C:238:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf_,str.str().c_str(),str.str().length());
data/saods9-8.2+repack/tksao/frame/fitsdata.C:266:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf_,str.str().c_str(),str.str().length());
data/saods9-8.2+repack/tksao/frame/fitsdata.C:274:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf_,str.str().c_str(),str.str().length());
data/saods9-8.2+repack/tksao/frame/fitsdata.C:282:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf_,str.str().c_str(),str.str().length());
data/saods9-8.2+repack/tksao/frame/fitsdata.C:346:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[2];
data/saods9-8.2+repack/tksao/frame/fitsdata.C:360:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[2];
data/saods9-8.2+repack/tksao/frame/fitsdata.C:374:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[4];
data/saods9-8.2+repack/tksao/frame/fitsdata.C:390:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[8];
data/saods9-8.2+repack/tksao/frame/fitsdata.C:410:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[4];
data/saods9-8.2+repack/tksao/frame/fitsdata.C:426:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[8];
data/saods9-8.2+repack/tksao/frame/fitsdata.C:545:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[2];
data/saods9-8.2+repack/tksao/frame/fitsdata.C:616:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[2];
data/saods9-8.2+repack/tksao/frame/fitsdata.C:687:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[4];
data/saods9-8.2+repack/tksao/frame/fitsdata.C:760:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[8];
data/saods9-8.2+repack/tksao/frame/fitsdata.C:837:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[4];
data/saods9-8.2+repack/tksao/frame/fitsdata.C:909:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[8];
data/saods9-8.2+repack/tksao/frame/fitsdata.C:1082:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf_,str.str().c_str(),str.str().length());
data/saods9-8.2+repack/tksao/frame/fitsdata.C:1111:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf_,str.str().c_str(),str.str().length());
data/saods9-8.2+repack/tksao/frame/fitsdata.C:1140:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf_,str.str().c_str(),str.str().length());
data/saods9-8.2+repack/tksao/frame/fitsdata.C:1172:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[2];
data/saods9-8.2+repack/tksao/frame/fitsdata.C:1203:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[2];
data/saods9-8.2+repack/tksao/frame/fitsdata.C:1234:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[4];
data/saods9-8.2+repack/tksao/frame/fitsdata.C:1267:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[8];
data/saods9-8.2+repack/tksao/frame/fitsdata.C:1300:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[4];
data/saods9-8.2+repack/tksao/frame/fitsdata.C:1326:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[8];
data/saods9-8.2+repack/tksao/frame/fitsdata.C:1433:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[2];
data/saods9-8.2+repack/tksao/frame/fitsdata.C:1464:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[2];
data/saods9-8.2+repack/tksao/frame/fitsdata.C:1495:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[4];
data/saods9-8.2+repack/tksao/frame/fitsdata.C:1528:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[8];
data/saods9-8.2+repack/tksao/frame/fitsdata.C:1565:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[4];
data/saods9-8.2+repack/tksao/frame/fitsdata.C:1595:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[8];
data/saods9-8.2+repack/tksao/frame/fitsdata.h:37:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf_[32];
data/saods9-8.2+repack/tksao/frame/fitsimage.C:920:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cards, hd->cards(), hd->headbytes());
data/saods9-8.2+repack/tksao/frame/fitsimage.C:925:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cards+i, " ",3);
data/saods9-8.2+repack/tksao/frame/fitsimage.C:930:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cards+hd->headbytes(), hh->cards(), hh->headbytes());
data/saods9-8.2+repack/tksao/frame/fitsimage.C:994:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lptr, cptr, FTY_CARDLEN);
data/saods9-8.2+repack/tksao/frame/fitsimage.C:1072:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf,str.str().c_str(), str.str().length());
data/saods9-8.2+repack/tksao/frame/fitsimage.C:1578:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/saods9-8.2+repack/tksao/frame/fitsimage.C:1588:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char keyword[32];
data/saods9-8.2+repack/tksao/frame/fitsimage.C:1597:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char val[64];
data/saods9-8.2+repack/tksao/frame/fitsimage.C:3394:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[81];
data/saods9-8.2+repack/tksao/frame/fitsimage.C:3415:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data+ii*width+jj*2,&vv,2);
data/saods9-8.2+repack/tksao/frame/fitsimage.C:3422:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data+ii*width+jj*4,&vv,4);
data/saods9-8.2+repack/tksao/frame/fitsimage.C:3429:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data+ii*width+jj*4,&vv,4);
data/saods9-8.2+repack/tksao/frame/fitsimage.C:3436:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data+ii*width+jj*8,&vv,8);
data/saods9-8.2+repack/tksao/frame/fitsimage.C:3486:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[81];
data/saods9-8.2+repack/tksao/frame/fitsimage.h:93:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32]; // tmp storage for returning strings
data/saods9-8.2+repack/tksao/frame/frame.C:583:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(colorCells, cells, cnt*3);
data/saods9-8.2+repack/tksao/frame/frame.C:915:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bgTrueColor[4]; // color encoded
data/saods9-8.2+repack/tksao/frame/frame.C:919:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nanTrueColor[4]; // color encoded
data/saods9-8.2+repack/tksao/frame/frame.C:939:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, nanTrueColor, bytesPerPixel);
data/saods9-8.2+repack/tksao/frame/frame.C:942:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, bgTrueColor, bytesPerPixel);
data/saods9-8.2+repack/tksao/frame/frame.C:945:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, table+(*src), bytesPerPixel);
data/saods9-8.2+repack/tksao/frame/frame.C:1069:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, buf, dx*dy);
data/saods9-8.2+repack/tksao/frame/frame3d.C:985:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(colorCells, cells, cnt*3);
data/saods9-8.2+repack/tksao/frame/frame3dbase.C:162:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/saods9-8.2+repack/tksao/frame/frame3dbase.C:1193:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bgTrueColor[4]; // color encoded
data/saods9-8.2+repack/tksao/frame/frame3dbase.C:1241:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, src + ((int)vv[1])*srcBytesPerLine +
data/saods9-8.2+repack/tksao/frame/frame3dbase.C:1244:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, bgTrueColor, bytesPerPixel);
data/saods9-8.2+repack/tksao/frame/framebase.C:145:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/saods9-8.2+repack/tksao/frame/framergb.C:343:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(colorCells, cells, cnt*3);
data/saods9-8.2+repack/tksao/frame/framergb.C:689:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest+kk, table+(*src), 1);
data/saods9-8.2+repack/tksao/frame/frcommand.C:207:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[PATH_MAX];
data/saods9-8.2+repack/tksao/frame/frmarker.C:764:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bytes[4]; /* The array of bytes. The actual size of
data/saods9-8.2+repack/tksao/frame/frmarker.C:776:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, (char*)ba->bytes, ba->used);
data/saods9-8.2+repack/tksao/frame/frmarker.C:3119:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, ccmd, len);
data/saods9-8.2+repack/tksao/frame/frmarker.C:3143:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, ccmd, len);
data/saods9-8.2+repack/tksao/frame/frmarker.C:4567:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(s1,"POINT ");
data/saods9-8.2+repack/tksao/frame/frmarkerxml.C:468:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tile = atoi(cols[ii]);
data/saods9-8.2+repack/tksao/frame/frmarkerxml.C:474:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
width = atoi(cols[ii]);
data/saods9-8.2+repack/tksao/frame/frmarkerxml.C:517:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
dash[0] = atoi(tok);
data/saods9-8.2+repack/tksao/frame/frmarkerxml.C:520:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
dash[1] = atoi(tok);
data/saods9-8.2+repack/tksao/frame/frmarkerxml.C:579:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
fill = atoi(param);
data/saods9-8.2+repack/tksao/frame/frmarkerxml.C:588:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
fill = atoi(param);
data/saods9-8.2+repack/tksao/frame/frmarkerxml.C:599:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
fill = atoi(param);
data/saods9-8.2+repack/tksao/frame/frmarkerxml.C:610:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
fill = atoi(param);
data/saods9-8.2+repack/tksao/frame/frmarkerxml.C:624:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
fill = atoi(param);
data/saods9-8.2+repack/tksao/frame/frmarkerxml.C:636:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
arrow1 = atoi(param);
data/saods9-8.2+repack/tksao/frame/frmarkerxml.C:638:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
arrow2 = atoi(param2);
data/saods9-8.2+repack/tksao/frame/frmarkerxml.C:648:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
arrow = atoi(param);
data/saods9-8.2+repack/tksao/frame/frmarkerxml.C:675:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rotate = atoi(param);
data/saods9-8.2+repack/tksao/frame/frmarkerxml.C:690:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
size = atoi(param2);
data/saods9-8.2+repack/tksao/frame/frmarkerxml.C:742:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
arrow1 = atoi(param4);
data/saods9-8.2+repack/tksao/frame/frmarkerxml.C:745:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
arrow2 = atoi(param5);
data/saods9-8.2+repack/tksao/frame/frmarkerxml.C:843:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(str))
data/saods9-8.2+repack/tksao/frame/frsave.C:370:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[diff];
data/saods9-8.2+repack/tksao/frame/frsave.C:455:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char card[81];
data/saods9-8.2+repack/tksao/frame/frscale.C:73:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(histequ_,a.histequ_,a.histequSize_*sizeof(double));
data/saods9-8.2+repack/tksao/frame/frscale.C:81:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(histogramX_,a.histogramX_,a.histogramSize_*sizeof(double));
data/saods9-8.2+repack/tksao/frame/frscale.C:87:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(histogramY_,a.histogramY_,a.histogramSize_*sizeof(double));
data/saods9-8.2+repack/tksao/frame/frscale.C:123:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(histequ_,a.histequ_,a.histequSize_*sizeof(double));
data/saods9-8.2+repack/tksao/frame/frscale.C:132:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(histogramX_,a.histogramX_,a.histogramSize_*sizeof(double));
data/saods9-8.2+repack/tksao/frame/frscale.C:140:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(histogramY_,a.histogramY_,a.histogramSize_*sizeof(double));
data/saods9-8.2+repack/tksao/frame/lex.C:3465:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
frlval->integer = atoi(yytext);
data/saods9-8.2+repack/tksao/frame/line.C:14:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(type_,"line");
data/saods9-8.2+repack/tksao/frame/line.C:32:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(type_,"line");
data/saods9-8.2+repack/tksao/frame/marker.C:361:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dl[2];
data/saods9-8.2+repack/tksao/frame/marker.C:879:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char family[16] = "";
data/saods9-8.2+repack/tksao/frame/marker.C:881:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char weight[16] = "";
data/saods9-8.2+repack/tksao/frame/marker.C:882:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char slant[16] = "";
data/saods9-8.2+repack/tksao/frame/marker.C:888:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(slant,"roman");
data/saods9-8.2+repack/tksao/frame/marker.C:1874:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dptr,"&",5);
data/saods9-8.2+repack/tksao/frame/marker.C:1879:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dptr,"<",4);
data/saods9-8.2+repack/tksao/frame/marker.C:1883:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dptr,">",4);
data/saods9-8.2+repack/tksao/frame/marker.C:1887:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dptr,"'",6);
data/saods9-8.2+repack/tksao/frame/marker.C:1891:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dptr,""",6);
data/saods9-8.2+repack/tksao/frame/marker.h:55:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type_[64];
data/saods9-8.2+repack/tksao/frame/marker.h:111:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ra[32]; // tmp storage
data/saods9-8.2+repack/tksao/frame/marker.h:112:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dec[32]; // tmp storage
data/saods9-8.2+repack/tksao/frame/parser.C:816:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char currentColor[16];
data/saods9-8.2+repack/tksao/frame/parser.C:819:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char currentFont[32];
data/saods9-8.2+repack/tksao/frame/parser.C:820:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char currentText[80];
data/saods9-8.2+repack/tksao/frame/parser.C:855:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[FRBUFSIZE];
data/saods9-8.2+repack/tksao/frame/parser.C:4824:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
data/saods9-8.2+repack/tksao/frame/parser.C:4841:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char yyformat[sizeof yyunexpected
data/saods9-8.2+repack/tksao/frame/parser.C:5014:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char yymsgbuf[128];
data/saods9-8.2+repack/tksao/frame/parser.H:757:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[FRBUFSIZE];
data/saods9-8.2+repack/tksao/frame/point.C:14:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(type_, "point");
data/saods9-8.2+repack/tksao/frame/point.C:34:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(type_, "point");
data/saods9-8.2+repack/tksao/frame/point.C:142:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dl[2];
data/saods9-8.2+repack/tksao/frame/polygon.C:17:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(type_, "polygon");
data/saods9-8.2+repack/tksao/frame/polygon.C:30:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(type_, "polygon");
data/saods9-8.2+repack/tksao/frame/polygon.C:42:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(type_, "polygon");
data/saods9-8.2+repack/tksao/frame/projection.C:25:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(type_,"projection");
data/saods9-8.2+repack/tksao/frame/proslex.C:1149:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
proslval->integer = atoi(yytext);
data/saods9-8.2+repack/tksao/frame/prosparser.C:176:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char color[32];
data/saods9-8.2+repack/tksao/frame/prosparser.C:182:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char localComment[80];
data/saods9-8.2+repack/tksao/frame/prosparser.C:195:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char aComment[80];
data/saods9-8.2+repack/tksao/frame/prosparser.C:227:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[PROSBUFSIZE];
data/saods9-8.2+repack/tksao/frame/prosparser.C:1199:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
data/saods9-8.2+repack/tksao/frame/prosparser.C:1216:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char yyformat[sizeof yyunexpected
data/saods9-8.2+repack/tksao/frame/prosparser.C:1389:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char yymsgbuf[128];
data/saods9-8.2+repack/tksao/frame/prosparser.C:1629:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(color, "green");
data/saods9-8.2+repack/tksao/frame/prosparser.H:116:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[PROSBUFSIZE];
data/saods9-8.2+repack/tksao/frame/ruler.C:37:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(type_,"ruler");
data/saods9-8.2+repack/tksao/frame/ruler.C:453:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/saods9-8.2+repack/tksao/frame/ruler.h:18:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char distSpec[32];
data/saods9-8.2+repack/tksao/frame/saolex.C:796:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
saolval->integer = atoi(yytext);
data/saods9-8.2+repack/tksao/frame/saoparser.C:143:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char color[32];
data/saods9-8.2+repack/tksao/frame/saoparser.C:149:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char localComment[80];
data/saods9-8.2+repack/tksao/frame/saoparser.C:162:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char aComment[80];
data/saods9-8.2+repack/tksao/frame/saoparser.C:193:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[SAOBUFSIZE];
data/saods9-8.2+repack/tksao/frame/saoparser.C:1111:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
data/saods9-8.2+repack/tksao/frame/saoparser.C:1128:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char yyformat[sizeof yyunexpected
data/saods9-8.2+repack/tksao/frame/saoparser.C:1301:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char yymsgbuf[128];
data/saods9-8.2+repack/tksao/frame/saoparser.C:1541:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(color, "green");
data/saods9-8.2+repack/tksao/frame/saoparser.H:88:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[SAOBUFSIZE];
data/saods9-8.2+repack/tksao/frame/segment.C:12:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(type_, "segment");
data/saods9-8.2+repack/tksao/frame/segment.C:24:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(type_, "segment");
data/saods9-8.2+repack/tksao/frame/segment.C:35:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(type_, "segment");
data/saods9-8.2+repack/tksao/frame/text.C:26:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(type_,"text");
data/saods9-8.2+repack/tksao/frame/tnglex.C:1129:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tnglval->integer = atoi(yytext);
data/saods9-8.2+repack/tksao/frame/tngparser.C:198:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char globalColor[32];
data/saods9-8.2+repack/tksao/frame/tngparser.C:199:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char localColor[32];
data/saods9-8.2+repack/tksao/frame/tngparser.C:204:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char globalFont[32];
data/saods9-8.2+repack/tksao/frame/tngparser.C:206:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char globalText[80];
data/saods9-8.2+repack/tksao/frame/tngparser.C:207:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char localText[80];
data/saods9-8.2+repack/tksao/frame/tngparser.C:209:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char localComment[80];
data/saods9-8.2+repack/tksao/frame/tngparser.C:245:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[TNGBUFSIZE];
data/saods9-8.2+repack/tksao/frame/tngparser.C:1178:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
data/saods9-8.2+repack/tksao/frame/tngparser.C:1195:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char yyformat[sizeof yyunexpected
data/saods9-8.2+repack/tksao/frame/tngparser.C:1368:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char yymsgbuf[128];
data/saods9-8.2+repack/tksao/frame/tngparser.C:1755:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(globalColor,"green");
data/saods9-8.2+repack/tksao/frame/tngparser.C:1756:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(globalFont,"helvetica 10 normal roman");
data/saods9-8.2+repack/tksao/frame/tngparser.C:1886:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
{strcpy(localColor,"white");;}
data/saods9-8.2+repack/tksao/frame/tngparser.C:1891:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
{strcpy(localColor,"black");;}
data/saods9-8.2+repack/tksao/frame/tngparser.C:1896:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
{strcpy(localColor,"red");;}
data/saods9-8.2+repack/tksao/frame/tngparser.C:1901:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
{strcpy(localColor,"green");;}
data/saods9-8.2+repack/tksao/frame/tngparser.C:1906:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
{strcpy(localColor,"blue");;}
data/saods9-8.2+repack/tksao/frame/tngparser.C:1911:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
{strcpy(localColor,"cyan");;}
data/saods9-8.2+repack/tksao/frame/tngparser.C:1916:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
{strcpy(localColor,"magenta");;}
data/saods9-8.2+repack/tksao/frame/tngparser.C:1921:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
{strcpy(localColor,"yellow");;}
data/saods9-8.2+repack/tksao/frame/tngparser.C:1927:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(localColor,"green");
data/saods9-8.2+repack/tksao/frame/tngparser.C:1935:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(localColor,"red");
data/saods9-8.2+repack/tksao/frame/tngparser.H:138:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[TNGBUFSIZE];
data/saods9-8.2+repack/tksao/frame/vect.C:11:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(type_,"vector");
data/saods9-8.2+repack/tksao/frame/vect.C:25:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(type_,"vector");
data/saods9-8.2+repack/tksao/frame/vect.C:39:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(type_,"vector");
data/saods9-8.2+repack/tksao/frame/xylex.C:1027:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
xylval->integer = atoi(yytext);
data/saods9-8.2+repack/tksao/frame/xyparser.C:208:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char color[32];
data/saods9-8.2+repack/tksao/frame/xyparser.C:248:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[XYBUFSIZE];
data/saods9-8.2+repack/tksao/frame/xyparser.C:1142:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
data/saods9-8.2+repack/tksao/frame/xyparser.C:1159:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char yyformat[sizeof yyunexpected
data/saods9-8.2+repack/tksao/frame/xyparser.C:1332:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char yymsgbuf[128];
data/saods9-8.2+repack/tksao/frame/xyparser.C:1572:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(color, "green");
data/saods9-8.2+repack/tksao/frame/xyparser.H:158:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[XYBUFSIZE];
data/saods9-8.2+repack/tksao/magnifier/lex.C:776:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mglval->integer = atoi(yytext);
data/saods9-8.2+repack/tksao/magnifier/parser.C:167:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[1024];
data/saods9-8.2+repack/tksao/magnifier/parser.C:969:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
data/saods9-8.2+repack/tksao/magnifier/parser.C:986:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char yyformat[sizeof yyunexpected
data/saods9-8.2+repack/tksao/magnifier/parser.C:1159:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char yymsgbuf[128];
data/saods9-8.2+repack/tksao/magnifier/parser.H:98:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[1024];
data/saods9-8.2+repack/tksao/panner/lex.C:890:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pnlval->integer = atoi(yytext);
data/saods9-8.2+repack/tksao/panner/parser.C:193:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[1024];
data/saods9-8.2+repack/tksao/panner/parser.C:1072:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
data/saods9-8.2+repack/tksao/panner/parser.C:1089:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char yyformat[sizeof yyunexpected
data/saods9-8.2+repack/tksao/panner/parser.C:1262:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char yymsgbuf[128];
data/saods9-8.2+repack/tksao/panner/parser.H:124:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[1024];
data/saods9-8.2+repack/tksao/tkutil/fdstream.hpp:111:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[bufSize+pbSize]; // data buffer
data/saods9-8.2+repack/tksao/tkutil/grf3d.C:377:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int astG3DText(const char *text, float ref[3], const char *just,
data/saods9-8.2+repack/tksao/tkutil/grf3d.C:377:54: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int astG3DText(const char *text, float ref[3], const char *just,
data/saods9-8.2+repack/tksao/tkutil/grf3d.C:455:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int astG3DTxExt(const char *text, float ref[3], const char *just,
data/saods9-8.2+repack/tksao/tkutil/grf3d.C:455:55: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int astG3DTxExt(const char *text, float ref[3], const char *just,
data/saods9-8.2+repack/tksao/tkutil/ps.C:215:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr_,d,s);
data/saods9-8.2+repack/tksao/tkutil/ps.h:63:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char rle[RLESIZE];
data/saods9-8.2+repack/tksao/tkutil/ps.h:120:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char b[4];
data/saods9-8.2+repack/tksao/tkutil/psutil.C:165:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return atoi(str);
data/saods9-8.2+repack/tksao/tkutil/psutil.h:17:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char psFonts[12][32] = {
data/saods9-8.2+repack/tksao/widget/truecolor16.C:75:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, &v, 2);
data/saods9-8.2+repack/tksao/widget/truecolor16.C:92:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, &v, 2);
data/saods9-8.2+repack/tksao/widget/truecolor16.C:125:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, &v, 2);
data/saods9-8.2+repack/tksao/widget/truecolor24.C:101:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, &v, 3);
data/saods9-8.2+repack/tksao/widget/truecolor24.C:116:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&v, src, 3);
data/saods9-8.2+repack/tksao/widget/truecolor24.C:146:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, &v, 4);
data/saods9-8.2+repack/tksao/widget/truecolor24.C:162:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, &v, 4);
data/saods9-8.2+repack/tksao/widget/truecolor24.C:212:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, &v, 3);
data/saods9-8.2+repack/tksao/widget/truecolor24.C:265:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, &v, 4);
data/saods9-8.2+repack/tksao/widget/widget.C:233:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char xStr[TCL_DOUBLE_SPACE], yStr[TCL_DOUBLE_SPACE];
data/saods9-8.2+repack/util/util.C:98:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tobuf[1024];
data/saods9-8.2+repack/fitsy/card.C:284:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char* cpy = new char[strlen(value)+1];
data/saods9-8.2+repack/fitsy/column.C:129:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf_, ptr+offset_, width_);
data/saods9-8.2+repack/fitsy/column.C:249:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf_, ptr+offset_, width_);
data/saods9-8.2+repack/fitsy/column.C:307:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf_, ptr+offset_+i, 1);
data/saods9-8.2+repack/fitsy/envilex.C:900:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(envilval->str,""); // feed a blank string
data/saods9-8.2+repack/fitsy/envilex.C:910:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(envilval->str,yytext,ll);
data/saods9-8.2+repack/fitsy/envilex.C:1209:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(envilval->str,yytext,ll);
data/saods9-8.2+repack/fitsy/envilex.C:1263:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(envilval->str,yytext,ll);
data/saods9-8.2+repack/fitsy/envilex.C:1517:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(void) yyin->read( buf, max_size );
data/saods9-8.2+repack/fitsy/enviparser.C:1088:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
# define yystrlen strlen
data/saods9-8.2+repack/fitsy/hdu.C:24:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (int ii=strlen(extname_)-1; ii>=0; ii--) {
data/saods9-8.2+repack/fitsy/hdu.C:182:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncmp(n,t,strlen(n)) && strlen(n)==strlen(t)) {
data/saods9-8.2+repack/fitsy/hdu.C:182:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncmp(n,t,strlen(n)) && strlen(n)==strlen(t)) {
data/saods9-8.2+repack/fitsy/hdu.C:182:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncmp(n,t,strlen(n)) && strlen(n)==strlen(t)) {
data/saods9-8.2+repack/fitsy/head.C:560:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(key);
data/saods9-8.2+repack/fitsy/head.C:581:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(key);
data/saods9-8.2+repack/fitsy/hist.C:269:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(key,cc,8);
data/saods9-8.2+repack/fitsy/lex.C:1247:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(void) yyin->read( buf, max_size );
data/saods9-8.2+repack/fitsy/map.C:162:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncmp(a,b,strlen(b))) {
data/saods9-8.2+repack/fitsy/map.C:324:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncmp(a,b,strlen(b))) {
data/saods9-8.2+repack/fitsy/mapincr.C:359:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncmp(a,b,strlen(b))) {
data/saods9-8.2+repack/fitsy/mapincr.C:502:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncmp(a,b,strlen(b))) {
data/saods9-8.2+repack/fitsy/nrrdlex.C:988:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(nrrdlval->str,""); // feed a blank string
data/saods9-8.2+repack/fitsy/nrrdlex.C:998:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(nrrdlval->str,yytext,ll);
data/saods9-8.2+repack/fitsy/nrrdlex.C:1486:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(nrrdlval->str,yytext+1,ll); // skip the '{'
data/saods9-8.2+repack/fitsy/nrrdlex.C:1496:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(nrrdlval->str,yytext,ll);
data/saods9-8.2+repack/fitsy/nrrdlex.C:1756:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(void) yyin->read( buf, max_size );
data/saods9-8.2+repack/fitsy/nrrdparser.C:1252:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
# define yystrlen strlen
data/saods9-8.2+repack/fitsy/parser.C:1086:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
# define yystrlen strlen
data/saods9-8.2+repack/fitsy/savefits.C:78:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int ll = strlen(ddptr);
data/saods9-8.2+repack/fitsy/shmload.C:75:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fd.read(addr,fnsize);
data/saods9-8.2+repack/fitsy/strm.C:34:39: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
template <> size_t FitsStream<FILE*>::read(char* where, size_t size)
data/saods9-8.2+repack/fitsy/strm.C:59:37: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
template <> size_t FitsStream<int>::read(char* where, size_t size)
data/saods9-8.2+repack/fitsy/strm.C:77:37: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
template <> size_t FitsStream<int>::read(char* where, size_t size)
data/saods9-8.2+repack/fitsy/strm.C:90:42: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
template <> size_t FitsStream<gzStream>::read(char* where, size_t size)
data/saods9-8.2+repack/fitsy/strm.C:184:42: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
template <> size_t FitsStream<gzStream>::read(char* where, size_t size)
data/saods9-8.2+repack/fitsy/strm.C:194:45: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
template <> size_t FitsStream<Tcl_Channel>::read(char* where, size_t size)
data/saods9-8.2+repack/fitsy/strm.C:214:40: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
template <> size_t FitsStream<gzFile>::read(char* where, size_t size)
data/saods9-8.2+repack/fitsy/strm.C:243:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(cards, FTY_BLOCK) != FTY_BLOCK) {
data/saods9-8.2+repack/fitsy/strm.C:279:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(current, FTY_BLOCK) != FTY_BLOCK) {
data/saods9-8.2+repack/fitsy/strm.C:312:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
size_t rr = read((char*)data_, bytes);
data/saods9-8.2+repack/fitsy/strm.C:337:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(block, (bytes < FTY_BLOCK ? bytes : FTY_BLOCK));
data/saods9-8.2+repack/fitsy/strm.C:350:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(block, FTY_BLOCK);
data/saods9-8.2+repack/fitsy/strm.C:359:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bytes = read(block, FTY_BLOCK);
data/saods9-8.2+repack/fitsy/strm.C:498:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncmp(a,b,strlen(b))) {
data/saods9-8.2+repack/fitsy/strm.C:637:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncmp(a,b,strlen(b))) {
data/saods9-8.2+repack/fitsy/strm.C:827:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int cc = this->read(dptr,1);
data/saods9-8.2+repack/fitsy/strm.h:33:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
size_t read(char*, size_t);
data/saods9-8.2+repack/tcliis/iis.c:377:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
addrlen = sizeof(sockaddr) - sizeof(sockaddr.sun_path) + strlen(path);
data/saods9-8.2+repack/tcliis/iis.c:396:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (chan->path, path, SZ_FNAME);
data/saods9-8.2+repack/tcliis/iis.c:831:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
write (2, text, strlen (text));
data/saods9-8.2+repack/tcliis/iis.c:855:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
write (2, text, strlen(text));
data/saods9-8.2+repack/tcliis/iis.c:881:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (chan->rf_p->wcsbuf, buf,
data/saods9-8.2+repack/tcliis/iis.c:1325:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ct->imtitle, "[NO WCS]\n", SZ_IMTITLE);
data/saods9-8.2+repack/tcliis/iis.c:1336:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (ct->imtitle, buf, SZ_IMTITLE);
data/saods9-8.2+repack/tcliis/iis.c:1393:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ct->imtitle, "[NO WCS]\n", SZ_IMTITLE);
data/saods9-8.2+repack/tcliis/iis.c:1399:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (ct->imtitle, buf, SZ_IMTITLE);
data/saods9-8.2+repack/tcliis/iis.c:1424:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (mp->region, "none", SZ_IMTITLE);
data/saods9-8.2+repack/tcliis/iis.c:1425:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (mp->ref, "none", SZ_IMTITLE);
data/saods9-8.2+repack/tcliis/iis.c:1492:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ( (nb = read(fd, ptr, nleft)) < 0) {
data/saods9-8.2+repack/tcliis/iistcl.C:36:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
copy=new char[strlen(str)+1];
data/saods9-8.2+repack/tcliis/iistcl.C:128:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xim.imtoolrc = (char *) calloc(strlen(FBCONFIG_2)+1, sizeof(char));
data/saods9-8.2+repack/tcliis/iistcl.C:129:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (xim.imtoolrc, FBCONFIG_2, strlen(FBCONFIG_2));
data/saods9-8.2+repack/tcliis/iistcl.C:129:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy (xim.imtoolrc, FBCONFIG_2, strlen(FBCONFIG_2));
data/saods9-8.2+repack/tcliis/util.c:91:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (xim->imtoolrc, fname, strlen(fname));
data/saods9-8.2+repack/tcliis/util.c:91:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy (xim->imtoolrc, fname, strlen(fname));
data/saods9-8.2+repack/tcliis/util.c:101:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xim->imtoolrc = calloc(strlen(fb_paths[i])+1,sizeof(char));
data/saods9-8.2+repack/tcliis/util.c:102:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (xim->imtoolrc, fb_paths[i],strlen(fb_paths[i]));
data/saods9-8.2+repack/tcliis/util.c:102:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy (xim->imtoolrc, fb_paths[i],strlen(fb_paths[i]));
data/saods9-8.2+repack/tksao/colorbar/colorbarbase.C:214:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ticktxt[ii] = new char[strlen(str.str().c_str())+1];
data/saods9-8.2+repack/tksao/colorbar/colorbarbase.C:238:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int aa = Tk_TextWidth(font, ticktxt[ii], strlen(ticktxt[ii]));
data/saods9-8.2+repack/tksao/colorbar/colorbarbase.C:437:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int txtwidth = Tk_TextWidth(font, ticktxt[ii], strlen(ticktxt[ii]));
data/saods9-8.2+repack/tksao/colorbar/colorbarbase.C:441:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(ticktxt[ii]), www, hhh);
data/saods9-8.2+repack/tksao/colorbar/colorbarbase.C:455:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(ticktxt[ii]), www, hhh);
data/saods9-8.2+repack/tksao/colorbar/colorbarbase.C:1117:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int txtwidth = Tk_TextWidth(font, ticktxt[ii], strlen(ticktxt[ii]));
data/saods9-8.2+repack/tksao/colorbar/lex.C:1147:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(cblval->str,yytext+1,ll); // skip the " "
data/saods9-8.2+repack/tksao/colorbar/lex.C:1157:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(cblval->str,yytext+1,ll); // skip the '{'
data/saods9-8.2+repack/tksao/colorbar/lex.C:1167:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(cblval->str,yytext,ll);
data/saods9-8.2+repack/tksao/colorbar/lex.C:1399:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(void) yyin->read( buf, max_size );
data/saods9-8.2+repack/tksao/colorbar/lut.C:77:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(ccmd)+2;
data/saods9-8.2+repack/tksao/colorbar/lutlex.C:667:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(rgblval->str,""); // feed a blank string
data/saods9-8.2+repack/tksao/colorbar/lutlex.C:677:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(rgblval->str,yytext,ll);
data/saods9-8.2+repack/tksao/colorbar/lutlex.C:740:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(rgblval->str,yytext,ll);
data/saods9-8.2+repack/tksao/colorbar/lutlex.C:993:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(void) yyin->read( buf, max_size );
data/saods9-8.2+repack/tksao/colorbar/lutparser.C:836:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
# define yystrlen strlen
data/saods9-8.2+repack/tksao/colorbar/parser.C:1061:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
# define yystrlen strlen
data/saods9-8.2+repack/tksao/colorbar/sao.C:86:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(ccmd)+2;
data/saods9-8.2+repack/tksao/colorbar/saolex.C:697:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(lilval->str,""); // feed a blank string
data/saods9-8.2+repack/tksao/colorbar/saolex.C:707:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(lilval->str,yytext,ll);
data/saods9-8.2+repack/tksao/colorbar/saolex.C:800:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(lilval->str,yytext,ll);
data/saods9-8.2+repack/tksao/colorbar/saolex.C:1053:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(void) yyin->read( buf, max_size );
data/saods9-8.2+repack/tksao/colorbar/saoparser.C:863:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
# define yystrlen strlen
data/saods9-8.2+repack/tksao/frame/base.C:1739:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int ll = strlen(base);
data/saods9-8.2+repack/tksao/frame/basecommand.C:728:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(ccmd)+2;
data/saods9-8.2+repack/tksao/frame/basecommand.C:756:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(ccmd)+2;
data/saods9-8.2+repack/tksao/frame/basecommand.C:802:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (fn && (fn[strlen(fn)-1] != ']')) {
data/saods9-8.2+repack/tksao/frame/callback.C:43:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(proc_, proc, 64);
data/saods9-8.2+repack/tksao/frame/callback.C:48:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(arg_, arg, 64);
data/saods9-8.2+repack/tksao/frame/ciaolex.C:916:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ciaolval->str,yytext,ll);
data/saods9-8.2+repack/tksao/frame/ciaolex.C:928:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ciaolval->str,yytext,ll);
data/saods9-8.2+repack/tksao/frame/ciaolex.C:940:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ciaolval->str,yytext,ll);
data/saods9-8.2+repack/tksao/frame/ciaolex.C:1205:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(void) yyin->read( buf, max_size );
data/saods9-8.2+repack/tksao/frame/ciaoparser.C:986:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
# define yystrlen strlen
data/saods9-8.2+repack/tksao/frame/compass.C:89:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
float r1 = Tk_TextWidth(tkfont_, northText, strlen(northText))/2.;
data/saods9-8.2+repack/tksao/frame/compass.C:98:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(northText), ddd[0], ddd[1]);
data/saods9-8.2+repack/tksao/frame/compass.C:102:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
float r1 = Tk_TextWidth(tkfont_, eastText, strlen(eastText))/2.;
data/saods9-8.2+repack/tksao/frame/compass.C:110:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(eastText), eee[0], eee[1]);
data/saods9-8.2+repack/tksao/frame/compass.C:360:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
float r1 = Tk_TextWidth(tkfont_, northText, strlen(northText))/2.;
data/saods9-8.2+repack/tksao/frame/compass.C:371:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
float r1 = Tk_TextWidth(tkfont_, eastText, strlen(eastText))/2.;
data/saods9-8.2+repack/tksao/frame/compass.C:431:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
float r1 = Tk_TextWidth(tkfont_, northText, strlen(northText))/2.;
data/saods9-8.2+repack/tksao/frame/compass.C:444:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
float r1 = Tk_TextWidth(tkfont_, eastText, strlen(eastText))/2.;
data/saods9-8.2+repack/tksao/frame/contourlex.C:998:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(ctlval->str,""); // feed a blank string
data/saods9-8.2+repack/tksao/frame/contourlex.C:1008:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ctlval->str,yytext,ll);
data/saods9-8.2+repack/tksao/frame/contourlex.C:1356:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ctlval->str,yytext,ll);
data/saods9-8.2+repack/tksao/frame/contourlex.C:1368:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ctlval->str,yytext,ll);
data/saods9-8.2+repack/tksao/frame/contourlex.C:1380:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ctlval->str,yytext,ll);
data/saods9-8.2+repack/tksao/frame/contourlex.C:1390:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ctlval->str,yytext,ll);
data/saods9-8.2+repack/tksao/frame/contourlex.C:1400:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ctlval->str,yytext,ll);
data/saods9-8.2+repack/tksao/frame/contourlex.C:1410:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ctlval->str,yytext,ll);
data/saods9-8.2+repack/tksao/frame/contourlex.C:1422:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ctlval->str,yytext+1,ll); // skip the " "
data/saods9-8.2+repack/tksao/frame/contourlex.C:1432:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ctlval->str,yytext+1,ll); // skip the '{'
data/saods9-8.2+repack/tksao/frame/contourlex.C:1442:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ctlval->str,yytext,ll);
data/saods9-8.2+repack/tksao/frame/contourlex.C:1702:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(void) yyin->read( buf, max_size );
data/saods9-8.2+repack/tksao/frame/contourparser.C:1166:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
# define yystrlen strlen
data/saods9-8.2+repack/tksao/frame/contourparser.C:2124:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
{strncpy(globalColor,(yyvsp[(3) - (3)].str),16);;}
data/saods9-8.2+repack/tksao/frame/contourparser.C:2149:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
{strncpy(localColor,(yyvsp[(3) - (3)].str),16);;}
data/saods9-8.2+repack/tksao/frame/coord.h:16:75: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define STRCMP(which,str,cnt) (!strncmp(toConstLower(which), str, cnt) && strlen(which)==cnt)
data/saods9-8.2+repack/tksao/frame/ds9lex.C:1725:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(mklval->str,""); // feed a blank string
data/saods9-8.2+repack/tksao/frame/ds9lex.C:1735:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(mklval->str,yytext,ll);
data/saods9-8.2+repack/tksao/frame/ds9lex.C:2404:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(mklval->str,yytext,ll);
data/saods9-8.2+repack/tksao/frame/ds9lex.C:2416:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(mklval->str,yytext,ll);
data/saods9-8.2+repack/tksao/frame/ds9lex.C:2428:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(mklval->str,yytext,ll);
data/saods9-8.2+repack/tksao/frame/ds9lex.C:2438:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(mklval->str,yytext,ll);
data/saods9-8.2+repack/tksao/frame/ds9lex.C:2448:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(mklval->str,yytext,ll);
data/saods9-8.2+repack/tksao/frame/ds9lex.C:2458:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(mklval->str,yytext,ll);
data/saods9-8.2+repack/tksao/frame/ds9lex.C:2470:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(mklval->str,yytext+1,ll); // skip the " "
data/saods9-8.2+repack/tksao/frame/ds9lex.C:2480:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(mklval->str,yytext+1,ll); // skip the '{'
data/saods9-8.2+repack/tksao/frame/ds9lex.C:2490:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(mklval->str,yytext,ll);
data/saods9-8.2+repack/tksao/frame/ds9lex.C:2750:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(void) yyin->read( buf, max_size );
data/saods9-8.2+repack/tksao/frame/ds9parser.C:2228:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
# define yystrlen strlen
data/saods9-8.2+repack/tksao/frame/ds9parser.C:2818:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
{strncpy(localComment,(yyvsp[(3) - (4)].str),80);;}
data/saods9-8.2+repack/tksao/frame/ds9parser.C:2828:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
{strncpy(localComment,(yyvsp[(4) - (5)].str),80);;}
data/saods9-8.2+repack/tksao/frame/ds9parser.C:2838:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
{strncpy(localComment,(yyvsp[(2) - (3)].str),80);;}
data/saods9-8.2+repack/tksao/frame/ds9parser.C:2848:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
{strncpy(localComment,(yyvsp[(3) - (4)].str),80);;}
data/saods9-8.2+repack/tksao/frame/ds9parser.C:3530:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(globalColor,(yyvsp[(3) - (3)].str),16);
data/saods9-8.2+repack/tksao/frame/ds9parser.C:3531:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(localColor,(yyvsp[(3) - (3)].str),16);
data/saods9-8.2+repack/tksao/frame/ds9parser.C:3551:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(globalFont,(yyvsp[(3) - (3)].str),32);
data/saods9-8.2+repack/tksao/frame/ds9parser.C:3552:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(localFont,(yyvsp[(3) - (3)].str),32);
data/saods9-8.2+repack/tksao/frame/ds9parser.C:3559:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(globalText,(yyvsp[(3) - (3)].str),80);
data/saods9-8.2+repack/tksao/frame/ds9parser.C:3560:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(localText,(yyvsp[(3) - (3)].str),80);
data/saods9-8.2+repack/tksao/frame/ds9parser.C:3635:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
{strncpy(globalRulerDistSpec,(yyvsp[(3) - (3)].str),32);;}
data/saods9-8.2+repack/tksao/frame/ds9parser.C:3641:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(globalCompassNorth,(yyvsp[(4) - (7)].str),80);
data/saods9-8.2+repack/tksao/frame/ds9parser.C:3642:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(globalCompassEast,(yyvsp[(5) - (7)].str),80);
data/saods9-8.2+repack/tksao/frame/ds9parser.C:3643:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(localCompassNorth,(yyvsp[(4) - (7)].str),80);
data/saods9-8.2+repack/tksao/frame/ds9parser.C:3644:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(localCompassEast,(yyvsp[(5) - (7)].str),80);
data/saods9-8.2+repack/tksao/frame/ds9parser.C:3803:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(globalText,"");
data/saods9-8.2+repack/tksao/frame/ds9parser.C:3818:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(globalCompassNorth,"N");
data/saods9-8.2+repack/tksao/frame/ds9parser.C:3819:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(globalCompassEast,"E");
data/saods9-8.2+repack/tksao/frame/ds9parser.C:3841:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(localColor,(yyvsp[(3) - (3)].str),16);
data/saods9-8.2+repack/tksao/frame/ds9parser.C:3860:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
{strncpy(localFont,(yyvsp[(3) - (3)].str),32);;}
data/saods9-8.2+repack/tksao/frame/ds9parser.C:3865:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
{strncpy(localText,(yyvsp[(3) - (3)].str),80);;}
data/saods9-8.2+repack/tksao/frame/ds9parser.C:3926:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
{strncpy(localRulerDistSpec,(yyvsp[(3) - (3)].str),32);;}
data/saods9-8.2+repack/tksao/frame/ds9parser.C:3932:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(localCompassNorth,(yyvsp[(4) - (7)].str),80);
data/saods9-8.2+repack/tksao/frame/ds9parser.C:3933:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(localCompassEast,(yyvsp[(5) - (7)].str),80);
data/saods9-8.2+repack/tksao/frame/ds9parser.C:4141:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(localComment,"");
data/saods9-8.2+repack/tksao/frame/ds9parser.C:4157:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(localRulerDistSpec,globalRulerDistSpec,32);
data/saods9-8.2+repack/tksao/frame/ds9parser.C:4160:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(localCompassNorth,globalCompassNorth,80);
data/saods9-8.2+repack/tksao/frame/ds9parser.C:4161:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(localCompassEast,globalCompassEast,80);
data/saods9-8.2+repack/tksao/frame/ds9parser.C:4339:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(aColor,localColor,16);
data/saods9-8.2+repack/tksao/frame/ds9parser.C:4343:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(aFont,localFont,32);
data/saods9-8.2+repack/tksao/frame/ds9parser.C:4344:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(aText,localText,80);
data/saods9-8.2+repack/tksao/frame/ds9parser.C:4345:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(aComment,localComment,80);
data/saods9-8.2+repack/tksao/frame/ds9parser.C:4365:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(aColor,localColor,16);
data/saods9-8.2+repack/tksao/frame/ds9parser.C:4369:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(aFont,localFont,32);
data/saods9-8.2+repack/tksao/frame/ds9parser.C:4370:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(aText,localText,80);
data/saods9-8.2+repack/tksao/frame/ds9parser.C:4371:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(aComment,localComment,80);
data/saods9-8.2+repack/tksao/frame/ds9parser.C:4456:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
{strncpy(localText,(yyvsp[(5) - (6)].str),80);;}
data/saods9-8.2+repack/tksao/frame/fitsimage.C:1580:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buf) > 0) {
data/saods9-8.2+repack/tksao/frame/fitsimage.C:1603:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(val,ss,ll);
data/saods9-8.2+repack/tksao/frame/fitsimage.C:1613:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buf) <= 80) {
data/saods9-8.2+repack/tksao/frame/fitsimage.C:3135:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t lss = strlen(ss);
data/saods9-8.2+repack/tksao/frame/fitsimage.C:3395:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf,cards+(ii*80),80);
data/saods9-8.2+repack/tksao/frame/fitsimage.C:3487:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf,cards+(i*80),80);
data/saods9-8.2+repack/tksao/frame/frmarker.C:3117:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(ccmd)+2;
data/saods9-8.2+repack/tksao/frame/frmarker.C:3141:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(ccmd)+2;
data/saods9-8.2+repack/tksao/frame/frmarker.C:4484:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (fn && (fn[strlen(fn)-1] != ']')) {
data/saods9-8.2+repack/tksao/frame/frmarkerxml.C:17:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
str->read(buffer,len);
data/saods9-8.2+repack/tksao/frame/fvcontour.C:93:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (level_ && strlen(level_)>0) {
data/saods9-8.2+repack/tksao/frame/lex.C:3516:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(frlval->str,yytext,ll);
data/saods9-8.2+repack/tksao/frame/lex.C:3528:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(frlval->str,yytext,ll);
data/saods9-8.2+repack/tksao/frame/lex.C:3540:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(frlval->str,yytext,ll);
data/saods9-8.2+repack/tksao/frame/lex.C:3554:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(frlval->str,yytext+1,ll); // skip the " "
data/saods9-8.2+repack/tksao/frame/lex.C:3565:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(frlval->str,yytext+1,ll); // skip the '{'
data/saods9-8.2+repack/tksao/frame/lex.C:3575:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(frlval->str,yytext,ll);
data/saods9-8.2+repack/tksao/frame/lex.C:3807:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(void) yyin->read( buf, max_size );
data/saods9-8.2+repack/tksao/frame/marker.C:293:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int width = Tk_TextWidth(tkfont_, text, strlen(text));
data/saods9-8.2+repack/tksao/frame/marker.C:309:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Tk_DrawChars(display, drawable, lgc, tkfont_, text, strlen(text),
data/saods9-8.2+repack/tksao/frame/marker.C:599:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int width = Tk_TextWidth(tkfont_, text, strlen(text));
data/saods9-8.2+repack/tksao/frame/marker.C:672:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int width = Tk_TextWidth(tkfont_, text, strlen(text));
data/saods9-8.2+repack/tksao/frame/marker.C:1864:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char* dest = new char[strlen(src)*7+1];
data/saods9-8.2+repack/tksao/frame/parser.C:4705:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
# define yystrlen strlen
data/saods9-8.2+repack/tksao/frame/parser.C:10032:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(currentFont, "helvetica 10 normal roman", 32);
data/saods9-8.2+repack/tksao/frame/parser.C:10033:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(currentColor, "green", 16);
data/saods9-8.2+repack/tksao/frame/parser.C:10037:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant character.
strncpy(currentText, "", 80);
data/saods9-8.2+repack/tksao/frame/parser.C:10166:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
{strncpy(currentColor,(yyvsp[(3) - (3)].str),16);;}
data/saods9-8.2+repack/tksao/frame/parser.C:10181:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
{strncpy(currentFont,(yyvsp[(3) - (3)].str),32);;}
data/saods9-8.2+repack/tksao/frame/parser.C:10186:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
{strncpy(currentText,(yyvsp[(3) - (3)].str),80);;}
data/saods9-8.2+repack/tksao/frame/proslex.C:1035:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(proslval->str,""); // feed a blank string
data/saods9-8.2+repack/tksao/frame/proslex.C:1045:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(proslval->str,yytext,ll);
data/saods9-8.2+repack/tksao/frame/proslex.C:1222:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(proslval->str,yytext,ll);
data/saods9-8.2+repack/tksao/frame/proslex.C:1234:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(proslval->str,yytext,ll);
data/saods9-8.2+repack/tksao/frame/proslex.C:1246:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(proslval->str,yytext,ll);
data/saods9-8.2+repack/tksao/frame/proslex.C:1258:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(proslval->str,yytext+1,ll); // skip the " "
data/saods9-8.2+repack/tksao/frame/proslex.C:1268:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(proslval->str,yytext+1,ll); // skip the '{'
data/saods9-8.2+repack/tksao/frame/proslex.C:1278:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(proslval->str,yytext,ll);
data/saods9-8.2+repack/tksao/frame/proslex.C:1538:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(void) yyin->read( buf, max_size );
data/saods9-8.2+repack/tksao/frame/prosparser.C:1080:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
# define yystrlen strlen
data/saods9-8.2+repack/tksao/frame/prosparser.C:1908:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(localComment,"");
data/saods9-8.2+repack/tksao/frame/prosparser.C:1972:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(aComment,localComment,80);
data/saods9-8.2+repack/tksao/frame/prosparser.C:1997:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(aComment,localComment,80);
data/saods9-8.2+repack/tksao/frame/prosparser.C:2092:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
{strncpy(localComment,(yyvsp[(3) - (4)].str),80);;}
data/saods9-8.2+repack/tksao/frame/ruler.C:17:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(distSpec, a.distSpec, 32);
data/saods9-8.2+repack/tksao/frame/ruler.C:35:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(distSpec, distspec, 32);
data/saods9-8.2+repack/tksao/frame/ruler.C:75:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int width = Tk_TextWidth(tkfont_, buf, strlen(buf));
data/saods9-8.2+repack/tksao/frame/ruler.C:78:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Tk_DrawChars(display, drawable, lgc, tkfont_, buf, strlen(buf),
data/saods9-8.2+repack/tksao/frame/ruler.C:278:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int width = Tk_TextWidth(tkfont_, buf, strlen(buf));
data/saods9-8.2+repack/tksao/frame/ruler.C:330:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int width = Tk_TextWidth(tkfont_, buf, strlen(buf));
data/saods9-8.2+repack/tksao/frame/ruler.C:437:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(distSpec, distspec, 32);
data/saods9-8.2+repack/tksao/frame/saolex.C:717:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(saolval->str,""); // feed a blank string
data/saods9-8.2+repack/tksao/frame/saolex.C:727:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(saolval->str,yytext,ll);
data/saods9-8.2+repack/tksao/frame/saolex.C:817:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(saolval->str,yytext+1,ll); // skip the " "
data/saods9-8.2+repack/tksao/frame/saolex.C:827:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(saolval->str,yytext+1,ll); // skip the '{'
data/saods9-8.2+repack/tksao/frame/saolex.C:837:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(saolval->str,yytext,ll);
data/saods9-8.2+repack/tksao/frame/saolex.C:1097:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(void) yyin->read( buf, max_size );
data/saods9-8.2+repack/tksao/frame/saoparser.C:992:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
# define yystrlen strlen
data/saods9-8.2+repack/tksao/frame/saoparser.C:1700:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(aComment,localComment,80);
data/saods9-8.2+repack/tksao/frame/saoparser.C:1725:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(aComment,localComment,80);
data/saods9-8.2+repack/tksao/frame/saoparser.C:1815:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
{strncpy(localComment,(yyvsp[(3) - (4)].str),80);;}
data/saods9-8.2+repack/tksao/frame/text.C:43:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int width = Tk_TextWidth(tkfont_, text, strlen(text));
data/saods9-8.2+repack/tksao/frame/text.C:55:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
text, strlen(text),
data/saods9-8.2+repack/tksao/frame/text.C:137:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int width = Tk_TextWidth(tkfont_, text, strlen(text));
data/saods9-8.2+repack/tksao/frame/text.C:162:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int width = Tk_TextWidth(tkfont_, text, strlen(text));
data/saods9-8.2+repack/tksao/frame/text.C:193:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
float ww = Tk_TextWidth(tkfont_, text, strlen(text))/2./parent->zoom_[0];
data/saods9-8.2+repack/tksao/frame/tnglex.C:935:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(tnglval->str,""); // feed a blank string
data/saods9-8.2+repack/tksao/frame/tnglex.C:945:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tnglval->str,yytext,ll);
data/saods9-8.2+repack/tksao/frame/tnglex.C:1161:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tnglval->str,yytext,ll);
data/saods9-8.2+repack/tksao/frame/tnglex.C:1173:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tnglval->str,yytext+1,yyleng-2); // skip the " "
data/saods9-8.2+repack/tksao/frame/tnglex.C:1183:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tnglval->str,yytext+1,yyleng-2); // skip the '{'
data/saods9-8.2+repack/tksao/frame/tnglex.C:1193:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tnglval->str,yytext,ll);
data/saods9-8.2+repack/tksao/frame/tnglex.C:1453:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(void) yyin->read( buf, max_size );
data/saods9-8.2+repack/tksao/frame/tngparser.C:1059:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
# define yystrlen strlen
data/saods9-8.2+repack/tksao/frame/tngparser.C:1757:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(globalText,"");
data/saods9-8.2+repack/tksao/frame/tngparser.C:1776:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(localComment,"");
data/saods9-8.2+repack/tksao/frame/tngparser.C:1778:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(globalText,"");
data/saods9-8.2+repack/tksao/frame/tngparser.C:1836:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
{strncpy(localText,(yyvsp[(5) - (6)].str),80);;}
data/saods9-8.2+repack/tksao/frame/tngparser.C:1881:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
{strncpy(globalText,(yyvsp[(3) - (3)].str),80);;}
data/saods9-8.2+repack/tksao/frame/tngparser.C:1947:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
{strncpy(localComment,(yyvsp[(3) - (3)].str),80);;}
data/saods9-8.2+repack/tksao/frame/xylex.C:1048:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(xylval->str,yytext,ll);
data/saods9-8.2+repack/tksao/frame/xylex.C:1060:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(xylval->str,yytext,ll);
data/saods9-8.2+repack/tksao/frame/xylex.C:1072:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(xylval->str,yytext,ll);
data/saods9-8.2+repack/tksao/frame/xylex.C:1323:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(void) yyin->read( buf, max_size );
data/saods9-8.2+repack/tksao/frame/xyparser.C:1023:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
# define yystrlen strlen
data/saods9-8.2+repack/tksao/magnifier/lex.C:1015:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(void) yyin->read( buf, max_size );
data/saods9-8.2+repack/tksao/magnifier/parser.C:850:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
# define yystrlen strlen
data/saods9-8.2+repack/tksao/panner/lex.C:1139:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(void) yyin->read( buf, max_size );
data/saods9-8.2+repack/tksao/panner/parser.C:953:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
# define yystrlen strlen
data/saods9-8.2+repack/tksao/tkutil/fdstream.hpp:156:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
num = read (fd, buffer+pbSize, bufSize);
data/saods9-8.2+repack/tksao/tkutil/grid25dbase.C:167:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int width = Tk_TextWidth(font, txt, strlen(txt));
data/saods9-8.2+repack/tksao/tkutil/grid2dbase.C:151:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int width = Tk_TextWidth(font, txt, strlen(txt));
data/saods9-8.2+repack/tksao/tkutil/grid3dbase.C:172:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int width = Tk_TextWidth(font, txt, strlen(txt));
data/saods9-8.2+repack/tksao/tkutil/grid3dbase.C:210:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int width = Tk_TextWidth(font, txt, strlen(txt));
data/saods9-8.2+repack/tksao/tkutil/gridbase.C:183:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
txt, strlen(txt),
data/saods9-8.2+repack/tksao/tkutil/gridbase.C:398:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int width = Tk_TextWidth(font, txt, strlen(txt));
data/saods9-8.2+repack/tksao/tkutil/psutil.C:130:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
psStr = new char[strlen(str)*2+1]; // worst case size
data/saods9-8.2+repack/tksao/widget/widget.C:467:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cmd = new char[strlen(options->cmdName)+1];
data/saods9-8.2+repack/util/util.C:52:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
copy=new char[strlen(str)+1];
data/saods9-8.2+repack/util/util.C:102:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tobuf,str,1024);
data/saods9-8.2+repack/util/util.C:113:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tobuf,str,1024);
data/saods9-8.2+repack/vector/vectorstr.C:20:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
copy=new char[strlen(str)+1];
ANALYSIS SUMMARY:
Hits = 982
Lines analyzed = 180235 in approximately 4.67 seconds (38626 lines/second)
Physical Source Lines of Code (SLOC) = 136500
Hits@level = [0] 107 [1] 279 [2] 618 [3] 7 [4] 78 [5] 0
Hits@level+ = [0+] 1089 [1+] 982 [2+] 703 [3+] 85 [4+] 78 [5+] 0
Hits/KSLOC@level+ = [0+] 7.97802 [1+] 7.19414 [2+] 5.15018 [3+] 0.622711 [4+] 0.571429 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.