Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/segyio-1.8.3/applications/segyinfo.c
Examining data/segyio-1.8.3/applications/apputils.h
Examining data/segyio-1.8.3/applications/segyio-crop.c
Examining data/segyio-1.8.3/applications/segyio-catr.c
Examining data/segyio-1.8.3/applications/segyio-catb.c
Examining data/segyio-1.8.3/applications/segyinspect.c
Examining data/segyio-1.8.3/applications/segyio-cath.c
Examining data/segyio-1.8.3/applications/apputils.c
Examining data/segyio-1.8.3/applications/flip-endianness.cpp
Examining data/segyio-1.8.3/lib/include/segyio/segy.h
Examining data/segyio-1.8.3/lib/src/segyio/util.h
Examining data/segyio-1.8.3/lib/src/segy.c
Examining data/segyio-1.8.3/lib/test/matchers.hpp
Examining data/segyio-1.8.3/lib/test/testsuite.cpp
Examining data/segyio-1.8.3/lib/test/test-config.hpp
Examining data/segyio-1.8.3/lib/test/segy.cpp
Examining data/segyio-1.8.3/lib/test/segyio-cpp.cpp
Examining data/segyio-1.8.3/lib/experimental/segyio/segyio.hpp
Examining data/segyio-1.8.3/python/segyio/segyio.cpp
Examining data/segyio-1.8.3/mex/segyspec_mex.c
Examining data/segyio-1.8.3/mex/segy_get_offsets_mex.c
Examining data/segyio-1.8.3/mex/segyutil.c
Examining data/segyio-1.8.3/mex/segy_put_headers_mex.c
Examining data/segyio-1.8.3/mex/segy_read_write_line_mex.c
Examining data/segyio-1.8.3/mex/segy_get_trace_header_mex.c
Examining data/segyio-1.8.3/mex/segy_get_traces_mex.c
Examining data/segyio-1.8.3/mex/segy_get_ntraces_mex.c
Examining data/segyio-1.8.3/mex/segy_get_header_mex.c
Examining data/segyio-1.8.3/mex/segyutil.h
Examining data/segyio-1.8.3/mex/segy_put_traces_mex.c
Examining data/segyio-1.8.3/mex/segy_get_ps_line_mex.c
Examining data/segyio-1.8.3/mex/segy_read_write_ps_line_mex.c
Examining data/segyio-1.8.3/mex/segy_get_segy_header_mex.c
Examining data/segyio-1.8.3/mex/segy_get_field_mex.c
Examining data/segyio-1.8.3/mex/segy_get_bfield_mex.c
Examining data/segyio-1.8.3/external/catch2/dummy.cpp
Examining data/segyio-1.8.3/external/catch2/catch/catch.hpp
FINAL RESULTS:
data/segyio-1.8.3/lib/src/segy.c:472:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( file->mode, binary_mode );
data/segyio-1.8.3/applications/flip-endianness.cpp:113:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int c = getopt_long( argc, argv, "e:s:F:f:",
data/segyio-1.8.3/applications/segyio-catb.c:60:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int c = getopt_long( argc, argv, "nd",
data/segyio-1.8.3/applications/segyio-cath.c:71:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int c = getopt_long( argc, argv, "n:asS",
data/segyio-1.8.3/applications/segyio-catr.c:486:16: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int c = getopt_long( argc, argv, "sSkdnvt:r:f:",
data/segyio-1.8.3/applications/segyio-crop.c:245:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int c = getopt_long( argc, argv, "vi:I:x:X:f:s:S:b:B:",
data/segyio-1.8.3/external/catch2/catch/catch.hpp:8476:18: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
std::srand( config.rngSeed() );
data/segyio-1.8.3/applications/flip-endianness.cpp:138:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
auto* in = std::fopen( argv[ optind ], "rb" );
data/segyio-1.8.3/applications/flip-endianness.cpp:144:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
auto* out = std::fopen( argv[ optind + 1 ], "wb" );
data/segyio-1.8.3/applications/segyinfo.c:46:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char header[ SEGY_BINARY_HEADER_SIZE ];
data/segyio-1.8.3/applications/segyinfo.c:81:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char traceh[ SEGY_TRACE_HEADER_SIZE ];
data/segyio-1.8.3/applications/segyinspect.c:59:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
il_field = atoi(argv[ argindex + 0 ]);
data/segyio-1.8.3/applications/segyinspect.c:60:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
xl_field = atoi(argv[ argindex + 1 ]);
data/segyio-1.8.3/applications/segyinspect.c:78:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char header[ SEGY_BINARY_HEADER_SIZE ];
data/segyio-1.8.3/applications/segyio-catb.c:197:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char binheader[ SEGY_BINARY_HEADER_SIZE ];
data/segyio-1.8.3/applications/segyio-cath.c:32:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char binary[ SEGY_BINARY_HEADER_SIZE ];
data/segyio-1.8.3/applications/segyio-cath.c:107:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char header[ SEGY_TEXT_HEADER_SIZE + 1 ] = { 0 };
data/segyio-1.8.3/applications/segyio-catr.c:626:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char trheader[ TRHSIZE ];
data/segyio-1.8.3/applications/segyio-catr.c:627:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char binheader[ BINSIZE ];
data/segyio-1.8.3/applications/segyio-crop.c:372:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char textheader[ TEXTSIZE ] = { 0 };
data/segyio-1.8.3/applications/segyio-crop.c:373:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char binheader[ BINSIZE ] = { 0 };
data/segyio-1.8.3/applications/segyio-crop.c:374:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char trheader[ TEXTSIZE ] = { 0 };
data/segyio-1.8.3/applications/segyio-crop.c:380:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* src = fopen( opts.src, "rb" );
data/segyio-1.8.3/applications/segyio-crop.c:384:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* dst = fopen( opts.dst, "wb" );
data/segyio-1.8.3/external/catch2/catch/catch.hpp:1295:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timeStamp[timeStampSize];
data/segyio-1.8.3/external/catch2/catch/catch.hpp:3560:29: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
alignas(alignof(T)) char storage[sizeof(T)];
data/segyio-1.8.3/external/catch2/catch/catch.hpp:4018:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char line[CATCH_CONFIG_CONSOLE_WIDTH] = {0};
data/segyio-1.8.3/external/catch2/catch/catch.hpp:4586:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open();
data/segyio-1.8.3/external/catch2/catch/catch.hpp:7963:14: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(&i, &f, sizeof(f));
data/segyio-1.8.3/external/catch2/catch/catch.hpp:7972:14: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(&i, &d, sizeof(d));
data/segyio-1.8.3/external/catch2/catch/catch.hpp:8292:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_buffer[L_tmpnam] = { 0 };
data/segyio-1.8.3/external/catch2/catch/catch.hpp:8363:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[100];
data/segyio-1.8.3/external/catch2/catch/catch.hpp:8372:23: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
m_file = std::tmpfile();
data/segyio-1.8.3/external/catch2/catch/catch.hpp:8396:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[100] = {};
data/segyio-1.8.3/external/catch2/catch/catch.hpp:9478:31: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char **utf8Argv = new char *[ argc ];
data/segyio-1.8.3/external/catch2/catch/catch.hpp:9600:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[bufferSize];
data/segyio-1.8.3/external/catch2/catch/catch.hpp:9649:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_ofs.open( filename.c_str() );
data/segyio-1.8.3/external/catch2/catch/catch.hpp:9899:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( m_data, m_start, m_size );
data/segyio-1.8.3/external/catch2/catch/catch.hpp:10412:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void TrackerBase::open() {
data/segyio-1.8.3/external/catch2/catch/catch.hpp:10501:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open();
data/segyio-1.8.3/external/catch2/catch/catch.hpp:10540:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tracker->open();
data/segyio-1.8.3/external/catch2/catch/catch.hpp:10828:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char asChar[sizeof (int)];
data/segyio-1.8.3/external/catch2/catch/catch.hpp:11472:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[maxDoubleSize];
data/segyio-1.8.3/external/catch2/catch/catch.hpp:11479:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "%.3f", duration);
data/segyio-1.8.3/external/catch2/catch/catch.hpp:12047:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open() {
data/segyio-1.8.3/external/catch2/catch/catch.hpp:12076:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tp.open();
data/segyio-1.8.3/external/catch2/catch/catch.hpp:12422:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timeStamp[timeStampSize];
data/segyio-1.8.3/lib/experimental/segyio/segyio.hpp:547:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open( const segyio::path&,
data/segyio-1.8.3/lib/experimental/segyio/segyio.hpp:1015:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file( std::fopen( p.c_str(), m.c_str() ), std::fclose );
data/segyio-1.8.3/lib/experimental/segyio/segyio.hpp:1056:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void openable< Derived>::open( const path& path,
data/segyio-1.8.3/lib/experimental/segyio/segyio.hpp:1143:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[ SEGY_BINARY_HEADER_SIZE ] = {};
data/segyio-1.8.3/lib/experimental/segyio/segyio.hpp:1299:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[ SEGY_BINARY_HEADER_SIZE ] = {};
data/segyio-1.8.3/lib/experimental/segyio/segyio.hpp:1360:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[ SEGY_TRACE_HEADER_SIZE ] = {};
data/segyio-1.8.3/lib/src/segy.c:33:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char a2e[256] = {
data/segyio-1.8.3/lib/src/segy.c:52:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char e2a[256] = {
data/segyio-1.8.3/lib/src/segy.c:177:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( buf, &u, sizeof( u ) );
data/segyio-1.8.3/lib/src/segy.c:193:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( buf, &u, sizeof( u ) );
data/segyio-1.8.3/lib/src/segy.c:202:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( to, &u, sizeof( u ) );
data/segyio-1.8.3/lib/src/segy.c:211:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( to, &u, sizeof( u ) );
data/segyio-1.8.3/lib/src/segy.c:413:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mode[ MODEBUF_SIZE ];
data/segyio-1.8.3/lib/src/segy.c:425:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char binary_mode[ MODEBUF_SIZE ] = { 0 };
data/segyio-1.8.3/lib/src/segy.c:446:5: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t wmode[ MODEBUF_SIZE ] = { 0 };
data/segyio-1.8.3/lib/src/segy.c:453:20: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
int wpathlen = MultiByteToWideChar( CP_UTF8, 0, path, -1, NULL, 0 );
data/segyio-1.8.3/lib/src/segy.c:455:5: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
MultiByteToWideChar(CP_UTF8, 0, path, -1, wpath, wpathlen );
data/segyio-1.8.3/lib/src/segy.c:459:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fp = fopen( path, binary_mode );
data/segyio-1.8.3/lib/src/segy.c:584:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &buf32, header + (field - 1), 4 );
data/segyio-1.8.3/lib/src/segy.c:589:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &buf16, header + (field - 1), 2 );
data/segyio-1.8.3/lib/src/segy.c:624:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( header + (field - 1), &buf32, sizeof( buf32 ) );
data/segyio-1.8.3/lib/src/segy.c:629:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( header + (field - 1), &buf16, sizeof( buf16 ) );
data/segyio-1.8.3/lib/src/segy.c:682:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char header[ SEGY_TRACE_HEADER_SIZE ] = { 0 };
data/segyio-1.8.3/lib/src/segy.c:749:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( dest, src, n );
data/segyio-1.8.3/lib/src/segy.c:761:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( dest, src, n );
data/segyio-1.8.3/lib/src/segy.c:781:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( xs + offset, &v, sizeof( v ) );
data/segyio-1.8.3/lib/src/segy.c:821:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( xs + offset, &v, sizeof( v ) );
data/segyio-1.8.3/lib/src/segy.c:855:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char swapped[ SEGY_BINARY_HEADER_SIZE ];
data/segyio-1.8.3/lib/src/segy.c:856:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( swapped, buf, SEGY_BINARY_HEADER_SIZE );
data/segyio-1.8.3/lib/src/segy.c:1027:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( xs + offset, &v, sizeof( v ) );
data/segyio-1.8.3/lib/src/segy.c:1103:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( xs + offset, &v, sizeof( v ) );
data/segyio-1.8.3/lib/src/segy.c:1142:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char swapped[ SEGY_TRACE_HEADER_SIZE ];
data/segyio-1.8.3/lib/src/segy.c:1143:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( swapped, buf, SEGY_TRACE_HEADER_SIZE );
data/segyio-1.8.3/lib/src/segy.c:1194:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bin_header[ SEGY_BINARY_HEADER_SIZE ];
data/segyio-1.8.3/lib/src/segy.c:1195:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char trace_header[ SEGY_TRACE_HEADER_SIZE ];
data/segyio-1.8.3/lib/src/segy.c:1282:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char traceheader[ SEGY_TRACE_HEADER_SIZE ];
data/segyio-1.8.3/lib/src/segy.c:1387:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char header[ SEGY_TRACE_HEADER_SIZE ];
data/segyio-1.8.3/lib/src/segy.c:1431:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char header[ SEGY_TRACE_HEADER_SIZE ];
data/segyio-1.8.3/lib/src/segy.c:1474:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char header[ SEGY_TRACE_HEADER_SIZE ];
data/segyio-1.8.3/lib/src/segy.c:1664:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[ 8 ];
data/segyio-1.8.3/lib/src/segy.c:1666:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( tmp, arr + i * elemsize, elemsize );
data/segyio-1.8.3/lib/src/segy.c:1667:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( arr + i * elemsize, arr + (last - i) * elemsize, elemsize );
data/segyio-1.8.3/lib/src/segy.c:1668:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( arr + (last - i) * elemsize, tmp, elemsize );
data/segyio-1.8.3/lib/src/segy.c:1689:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &v, xs, sizeof(int32_t) );
data/segyio-1.8.3/lib/src/segy.c:1691:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( xs, &v, sizeof(int32_t) );
data/segyio-1.8.3/lib/src/segy.c:1703:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &v, xs, sizeof(int16_t) );
data/segyio-1.8.3/lib/src/segy.c:1705:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( xs, &v, sizeof(int16_t) );
data/segyio-1.8.3/lib/src/segy.c:1758:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( dst, cur, elemsize );
data/segyio-1.8.3/lib/src/segy.c:1784:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( dst, cur, elemsize );
data/segyio-1.8.3/lib/src/segy.c:1809:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &v, src, elemsize );
data/segyio-1.8.3/lib/src/segy.c:1811:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( dst, &v, elemsize );
data/segyio-1.8.3/lib/src/segy.c:1823:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &v, src, elemsize );
data/segyio-1.8.3/lib/src/segy.c:1825:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( dst, &v, elemsize );
data/segyio-1.8.3/lib/src/segy.c:1874:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( tracebuf, buf, elemsize * elems );
data/segyio-1.8.3/lib/src/segy.c:1904:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( cur, src, elemsize );
data/segyio-1.8.3/lib/src/segy.c:1930:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( cur, src, elemsize );
data/segyio-1.8.3/lib/src/segy.c:2173:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char localbuf[ SEGY_TEXT_HEADER_SIZE + 1 ] = { 0 };
data/segyio-1.8.3/lib/src/segy.c:2185:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mbuf[ SEGY_TEXT_HEADER_SIZE ];
data/segyio-1.8.3/lib/src/segy.c:2231:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char trheader[ SEGY_TRACE_HEADER_SIZE ];
data/segyio-1.8.3/lib/test/segy.cpp:192:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bin[ SEGY_BINARY_HEADER_SIZE ];
data/segyio-1.8.3/lib/test/segy.cpp:206:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char header[ SEGY_TRACE_HEADER_SIZE ];
data/segyio-1.8.3/lib/test/segy.cpp:1072:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char header[ SEGY_TRACE_HEADER_SIZE ];
data/segyio-1.8.3/lib/test/segy.cpp:1081:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char header[ SEGY_TRACE_HEADER_SIZE ];
data/segyio-1.8.3/lib/test/segy.cpp:1090:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char header[ SEGY_TRACE_HEADER_SIZE ];
data/segyio-1.8.3/lib/test/segy.cpp:1099:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char header[ SEGY_TRACE_HEADER_SIZE ];
data/segyio-1.8.3/lib/test/segy.cpp:1120:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char emptyhdr[ SEGY_TRACE_HEADER_SIZE ] = {};
data/segyio-1.8.3/lib/test/segy.cpp:1124:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char header[ SEGY_TRACE_HEADER_SIZE ] = {};
data/segyio-1.8.3/lib/test/segy.cpp:1161:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fresh[ SEGY_TRACE_HEADER_SIZE ] = {};
data/segyio-1.8.3/lib/test/segy.cpp:1286:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ascii[ SEGY_TEXT_HEADER_SIZE + 1 ] = {};
data/segyio-1.8.3/lib/test/segy.cpp:1323:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char header[ SEGY_BINARY_HEADER_SIZE ];
data/segyio-1.8.3/lib/test/segy.cpp:1439:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[ SEGY_TRACE_HEADER_SIZE ] = {};
data/segyio-1.8.3/lib/test/segy.cpp:1515:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char header[ SEGY_BINARY_HEADER_SIZE ];
data/segyio-1.8.3/lib/test/segy.cpp:1543:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char header[ SEGY_BINARY_HEADER_SIZE ];
data/segyio-1.8.3/lib/test/segy.cpp:1571:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char header[ SEGY_BINARY_HEADER_SIZE ];
data/segyio-1.8.3/lib/test/segyio-cpp.cpp:183:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f.open( "test-data/small.sgy"_path );
data/segyio-1.8.3/mex/segy_get_offsets_mex.c:58:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *fnames[nfields];
data/segyio-1.8.3/mex/segy_get_ps_line_mex.c:57:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *fnames[nfields];
data/segyio-1.8.3/mex/segy_get_traces_mex.c:24:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char binary[ SEGY_BINARY_HEADER_SIZE ];
data/segyio-1.8.3/mex/segy_put_headers_mex.c:23:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char traceheader[ SEGY_TRACE_HEADER_SIZE ];
data/segyio-1.8.3/mex/segy_read_write_line_mex.c:108:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *fnames[nfields];
data/segyio-1.8.3/mex/segy_read_write_ps_line_mex.c:118:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *fnames[nfields];
data/segyio-1.8.3/mex/segyspec_mex.c:9:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *fnames[nfields];
data/segyio-1.8.3/mex/segyspec_mex.c:150:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *fnames[nfields];
data/segyio-1.8.3/mex/segyutil.c:11:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(path_copy, path, size);
data/segyio-1.8.3/mex/segyutil.c:30:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char header[ SEGY_BINARY_HEADER_SIZE ];
data/segyio-1.8.3/mex/segyutil.c:183:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char binary[SEGY_BINARY_HEADER_SIZE];
data/segyio-1.8.3/python/segyio/segyio.cpp:295:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char binary[ SEGY_BINARY_HEADER_SIZE ] = {};
data/segyio-1.8.3/python/segyio/segyio.cpp:459:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char header[ SEGY_TRACE_HEADER_SIZE ] = {};
data/segyio-1.8.3/python/segyio/segyio.cpp:618:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[ SEGY_BINARY_HEADER_SIZE ] = {};
data/segyio-1.8.3/python/segyio/segyio.cpp:1249:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[ SEGY_BINARY_HEADER_SIZE ];
data/segyio-1.8.3/external/catch2/catch/catch.hpp:9501:36: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
static_cast<void>(std::getchar());
data/segyio-1.8.3/external/catch2/catch/catch.hpp:9506:36: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
static_cast<void>(std::getchar());
data/segyio-1.8.3/external/catch2/catch/catch.hpp:9787:50: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
return s.size() >= prefix.size() && std::equal(prefix.begin(), prefix.end(), s.begin());
data/segyio-1.8.3/external/catch2/catch/catch.hpp:9793:50: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
return s.size() >= suffix.size() && std::equal(suffix.rbegin(), suffix.rend(), s.rbegin());
data/segyio-1.8.3/external/catch2/catch/catch.hpp:9867:67: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
: StringRef( rawChars, static_cast<StringRef::size_type>(std::strlen(rawChars) ) )
data/segyio-1.8.3/lib/src/segy.c:144:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen( ebcdic );
data/segyio-1.8.3/lib/src/segy.c:150:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen( ascii );
data/segyio-1.8.3/lib/src/segy.c:426:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( binary_mode, mode, 3 );
data/segyio-1.8.3/lib/src/segy.c:428:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t mode_len = strlen( binary_mode );
data/segyio-1.8.3/lib/src/segy.c:447:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mbstowcs( wmode, binary_mode, strlen( binary_mode ) );
data/segyio-1.8.3/lib/src/segy.c:2175:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if( read != SEGY_TEXT_HEADER_SIZE ) return SEGY_FREAD_ERROR;
data/segyio-1.8.3/mex/segy_read_write_line_mex.c:13:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool read;
data/segyio-1.8.3/mex/segy_read_write_line_mex.c:55:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read) {
data/segyio-1.8.3/mex/segy_read_write_ps_line_mex.c:47:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const char* mode = read ? "rb" : "r+b";
data/segyio-1.8.3/mex/segy_read_write_ps_line_mex.c:59:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if( read ) {
data/segyio-1.8.3/mex/segyutil.c:9:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t size = strlen(path) + 1;
data/segyio-1.8.3/python/segyio/segyio.cpp:235:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( std::strlen( mode ) == 0 ) {
data/segyio-1.8.3/python/segyio/segyio.cpp:240:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( std::strlen( mode ) > 3 ) {
data/segyio-1.8.3/python/segyio/segyio.cpp:586:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t len = std::strlen( buffer );
ANALYSIS SUMMARY:
Hits = 156
Lines analyzed = 24918 in approximately 0.60 seconds (41464 lines/second)
Physical Source Lines of Code (SLOC) = 18825
Hits@level = [0] 61 [1] 19 [2] 130 [3] 6 [4] 1 [5] 0
Hits@level+ = [0+] 217 [1+] 156 [2+] 137 [3+] 7 [4+] 1 [5+] 0
Hits/KSLOC@level+ = [0+] 11.5272 [1+] 8.28685 [2+] 7.27756 [3+] 0.371846 [4+] 0.0531208 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.