Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/segyio-1.8.3/applications/segyinfo.c Examining data/segyio-1.8.3/applications/apputils.h Examining data/segyio-1.8.3/applications/segyio-crop.c Examining data/segyio-1.8.3/applications/segyio-catr.c Examining data/segyio-1.8.3/applications/segyio-catb.c Examining data/segyio-1.8.3/applications/segyinspect.c Examining data/segyio-1.8.3/applications/segyio-cath.c Examining data/segyio-1.8.3/applications/apputils.c Examining data/segyio-1.8.3/applications/flip-endianness.cpp Examining data/segyio-1.8.3/lib/include/segyio/segy.h Examining data/segyio-1.8.3/lib/src/segyio/util.h Examining data/segyio-1.8.3/lib/src/segy.c Examining data/segyio-1.8.3/lib/test/matchers.hpp Examining data/segyio-1.8.3/lib/test/testsuite.cpp Examining data/segyio-1.8.3/lib/test/test-config.hpp Examining data/segyio-1.8.3/lib/test/segy.cpp Examining data/segyio-1.8.3/lib/test/segyio-cpp.cpp Examining data/segyio-1.8.3/lib/experimental/segyio/segyio.hpp Examining data/segyio-1.8.3/python/segyio/segyio.cpp Examining data/segyio-1.8.3/mex/segyspec_mex.c Examining data/segyio-1.8.3/mex/segy_get_offsets_mex.c Examining data/segyio-1.8.3/mex/segyutil.c Examining data/segyio-1.8.3/mex/segy_put_headers_mex.c Examining data/segyio-1.8.3/mex/segy_read_write_line_mex.c Examining data/segyio-1.8.3/mex/segy_get_trace_header_mex.c Examining data/segyio-1.8.3/mex/segy_get_traces_mex.c Examining data/segyio-1.8.3/mex/segy_get_ntraces_mex.c Examining data/segyio-1.8.3/mex/segy_get_header_mex.c Examining data/segyio-1.8.3/mex/segyutil.h Examining data/segyio-1.8.3/mex/segy_put_traces_mex.c Examining data/segyio-1.8.3/mex/segy_get_ps_line_mex.c Examining data/segyio-1.8.3/mex/segy_read_write_ps_line_mex.c Examining data/segyio-1.8.3/mex/segy_get_segy_header_mex.c Examining data/segyio-1.8.3/mex/segy_get_field_mex.c Examining data/segyio-1.8.3/mex/segy_get_bfield_mex.c Examining data/segyio-1.8.3/external/catch2/dummy.cpp Examining data/segyio-1.8.3/external/catch2/catch/catch.hpp FINAL RESULTS: data/segyio-1.8.3/lib/src/segy.c:472:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( file->mode, binary_mode ); data/segyio-1.8.3/applications/flip-endianness.cpp:113:17: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. int c = getopt_long( argc, argv, "e:s:F:f:", data/segyio-1.8.3/applications/segyio-catb.c:60:17: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. int c = getopt_long( argc, argv, "nd", data/segyio-1.8.3/applications/segyio-cath.c:71:17: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. int c = getopt_long( argc, argv, "n:asS", data/segyio-1.8.3/applications/segyio-catr.c:486:16: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. int c = getopt_long( argc, argv, "sSkdnvt:r:f:", data/segyio-1.8.3/applications/segyio-crop.c:245:17: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. int c = getopt_long( argc, argv, "vi:I:x:X:f:s:S:b:B:", data/segyio-1.8.3/external/catch2/catch/catch.hpp:8476:18: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. std::srand( config.rngSeed() ); data/segyio-1.8.3/applications/flip-endianness.cpp:138:22: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). auto* in = std::fopen( argv[ optind ], "rb" ); data/segyio-1.8.3/applications/flip-endianness.cpp:144:22: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). auto* out = std::fopen( argv[ optind + 1 ], "wb" ); data/segyio-1.8.3/applications/segyinfo.c:46:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char header[ SEGY_BINARY_HEADER_SIZE ]; data/segyio-1.8.3/applications/segyinfo.c:81:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char traceh[ SEGY_TRACE_HEADER_SIZE ]; data/segyio-1.8.3/applications/segyinspect.c:59:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). il_field = atoi(argv[ argindex + 0 ]); data/segyio-1.8.3/applications/segyinspect.c:60:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). xl_field = atoi(argv[ argindex + 1 ]); data/segyio-1.8.3/applications/segyinspect.c:78:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char header[ SEGY_BINARY_HEADER_SIZE ]; data/segyio-1.8.3/applications/segyio-catb.c:197:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char binheader[ SEGY_BINARY_HEADER_SIZE ]; data/segyio-1.8.3/applications/segyio-cath.c:32:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char binary[ SEGY_BINARY_HEADER_SIZE ]; data/segyio-1.8.3/applications/segyio-cath.c:107:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char header[ SEGY_TEXT_HEADER_SIZE + 1 ] = { 0 }; data/segyio-1.8.3/applications/segyio-catr.c:626:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char trheader[ TRHSIZE ]; data/segyio-1.8.3/applications/segyio-catr.c:627:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char binheader[ BINSIZE ]; data/segyio-1.8.3/applications/segyio-crop.c:372:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char textheader[ TEXTSIZE ] = { 0 }; data/segyio-1.8.3/applications/segyio-crop.c:373:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char binheader[ BINSIZE ] = { 0 }; data/segyio-1.8.3/applications/segyio-crop.c:374:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char trheader[ TEXTSIZE ] = { 0 }; data/segyio-1.8.3/applications/segyio-crop.c:380:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE* src = fopen( opts.src, "rb" ); data/segyio-1.8.3/applications/segyio-crop.c:384:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE* dst = fopen( opts.dst, "wb" ); data/segyio-1.8.3/external/catch2/catch/catch.hpp:1295:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char timeStamp[timeStampSize]; data/segyio-1.8.3/external/catch2/catch/catch.hpp:3560:29: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. alignas(alignof(T)) char storage[sizeof(T)]; data/segyio-1.8.3/external/catch2/catch/catch.hpp:4018:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char line[CATCH_CONFIG_CONSOLE_WIDTH] = {0}; data/segyio-1.8.3/external/catch2/catch/catch.hpp:4586:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). void open(); data/segyio-1.8.3/external/catch2/catch/catch.hpp:7963:14: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. std::memcpy(&i, &f, sizeof(f)); data/segyio-1.8.3/external/catch2/catch/catch.hpp:7972:14: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. std::memcpy(&i, &d, sizeof(d)); data/segyio-1.8.3/external/catch2/catch/catch.hpp:8292:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char m_buffer[L_tmpnam] = { 0 }; data/segyio-1.8.3/external/catch2/catch/catch.hpp:8363:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[100]; data/segyio-1.8.3/external/catch2/catch/catch.hpp:8372:23: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). m_file = std::tmpfile(); data/segyio-1.8.3/external/catch2/catch/catch.hpp:8396:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[100] = {}; data/segyio-1.8.3/external/catch2/catch/catch.hpp:9478:31: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char **utf8Argv = new char *[ argc ]; data/segyio-1.8.3/external/catch2/catch/catch.hpp:9600:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[bufferSize]; data/segyio-1.8.3/external/catch2/catch/catch.hpp:9649:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). m_ofs.open( filename.c_str() ); data/segyio-1.8.3/external/catch2/catch/catch.hpp:9899:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( m_data, m_start, m_size ); data/segyio-1.8.3/external/catch2/catch/catch.hpp:10412:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). void TrackerBase::open() { data/segyio-1.8.3/external/catch2/catch/catch.hpp:10501:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). open(); data/segyio-1.8.3/external/catch2/catch/catch.hpp:10540:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). tracker->open(); data/segyio-1.8.3/external/catch2/catch/catch.hpp:10828:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char asChar[sizeof (int)]; data/segyio-1.8.3/external/catch2/catch/catch.hpp:11472:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[maxDoubleSize]; data/segyio-1.8.3/external/catch2/catch/catch.hpp:11479:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer, "%.3f", duration); data/segyio-1.8.3/external/catch2/catch/catch.hpp:12047:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). void open() { data/segyio-1.8.3/external/catch2/catch/catch.hpp:12076:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). tp.open(); data/segyio-1.8.3/external/catch2/catch/catch.hpp:12422:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char timeStamp[timeStampSize]; data/segyio-1.8.3/lib/experimental/segyio/segyio.hpp:547:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). void open( const segyio::path&, data/segyio-1.8.3/lib/experimental/segyio/segyio.hpp:1015:20: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file( std::fopen( p.c_str(), m.c_str() ), std::fclose ); data/segyio-1.8.3/lib/experimental/segyio/segyio.hpp:1056:26: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). void openable< Derived>::open( const path& path, data/segyio-1.8.3/lib/experimental/segyio/segyio.hpp:1143:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[ SEGY_BINARY_HEADER_SIZE ] = {}; data/segyio-1.8.3/lib/experimental/segyio/segyio.hpp:1299:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[ SEGY_BINARY_HEADER_SIZE ] = {}; data/segyio-1.8.3/lib/experimental/segyio/segyio.hpp:1360:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[ SEGY_TRACE_HEADER_SIZE ] = {}; data/segyio-1.8.3/lib/src/segy.c:33:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char a2e[256] = { data/segyio-1.8.3/lib/src/segy.c:52:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char e2a[256] = { data/segyio-1.8.3/lib/src/segy.c:177:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( buf, &u, sizeof( u ) ); data/segyio-1.8.3/lib/src/segy.c:193:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( buf, &u, sizeof( u ) ); data/segyio-1.8.3/lib/src/segy.c:202:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( to, &u, sizeof( u ) ); data/segyio-1.8.3/lib/src/segy.c:211:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( to, &u, sizeof( u ) ); data/segyio-1.8.3/lib/src/segy.c:413:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mode[ MODEBUF_SIZE ]; data/segyio-1.8.3/lib/src/segy.c:425:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char binary_mode[ MODEBUF_SIZE ] = { 0 }; data/segyio-1.8.3/lib/src/segy.c:446:5: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t wmode[ MODEBUF_SIZE ] = { 0 }; data/segyio-1.8.3/lib/src/segy.c:453:20: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). int wpathlen = MultiByteToWideChar( CP_UTF8, 0, path, -1, NULL, 0 ); data/segyio-1.8.3/lib/src/segy.c:455:5: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). MultiByteToWideChar(CP_UTF8, 0, path, -1, wpath, wpathlen ); data/segyio-1.8.3/lib/src/segy.c:459:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE* fp = fopen( path, binary_mode ); data/segyio-1.8.3/lib/src/segy.c:584:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( &buf32, header + (field - 1), 4 ); data/segyio-1.8.3/lib/src/segy.c:589:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( &buf16, header + (field - 1), 2 ); data/segyio-1.8.3/lib/src/segy.c:624:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( header + (field - 1), &buf32, sizeof( buf32 ) ); data/segyio-1.8.3/lib/src/segy.c:629:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( header + (field - 1), &buf16, sizeof( buf16 ) ); data/segyio-1.8.3/lib/src/segy.c:682:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char header[ SEGY_TRACE_HEADER_SIZE ] = { 0 }; data/segyio-1.8.3/lib/src/segy.c:749:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( dest, src, n ); data/segyio-1.8.3/lib/src/segy.c:761:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( dest, src, n ); data/segyio-1.8.3/lib/src/segy.c:781:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( xs + offset, &v, sizeof( v ) ); data/segyio-1.8.3/lib/src/segy.c:821:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( xs + offset, &v, sizeof( v ) ); data/segyio-1.8.3/lib/src/segy.c:855:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char swapped[ SEGY_BINARY_HEADER_SIZE ]; data/segyio-1.8.3/lib/src/segy.c:856:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( swapped, buf, SEGY_BINARY_HEADER_SIZE ); data/segyio-1.8.3/lib/src/segy.c:1027:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( xs + offset, &v, sizeof( v ) ); data/segyio-1.8.3/lib/src/segy.c:1103:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( xs + offset, &v, sizeof( v ) ); data/segyio-1.8.3/lib/src/segy.c:1142:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char swapped[ SEGY_TRACE_HEADER_SIZE ]; data/segyio-1.8.3/lib/src/segy.c:1143:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( swapped, buf, SEGY_TRACE_HEADER_SIZE ); data/segyio-1.8.3/lib/src/segy.c:1194:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bin_header[ SEGY_BINARY_HEADER_SIZE ]; data/segyio-1.8.3/lib/src/segy.c:1195:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char trace_header[ SEGY_TRACE_HEADER_SIZE ]; data/segyio-1.8.3/lib/src/segy.c:1282:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char traceheader[ SEGY_TRACE_HEADER_SIZE ]; data/segyio-1.8.3/lib/src/segy.c:1387:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char header[ SEGY_TRACE_HEADER_SIZE ]; data/segyio-1.8.3/lib/src/segy.c:1431:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char header[ SEGY_TRACE_HEADER_SIZE ]; data/segyio-1.8.3/lib/src/segy.c:1474:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char header[ SEGY_TRACE_HEADER_SIZE ]; data/segyio-1.8.3/lib/src/segy.c:1664:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[ 8 ]; data/segyio-1.8.3/lib/src/segy.c:1666:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( tmp, arr + i * elemsize, elemsize ); data/segyio-1.8.3/lib/src/segy.c:1667:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( arr + i * elemsize, arr + (last - i) * elemsize, elemsize ); data/segyio-1.8.3/lib/src/segy.c:1668:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( arr + (last - i) * elemsize, tmp, elemsize ); data/segyio-1.8.3/lib/src/segy.c:1689:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( &v, xs, sizeof(int32_t) ); data/segyio-1.8.3/lib/src/segy.c:1691:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( xs, &v, sizeof(int32_t) ); data/segyio-1.8.3/lib/src/segy.c:1703:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( &v, xs, sizeof(int16_t) ); data/segyio-1.8.3/lib/src/segy.c:1705:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( xs, &v, sizeof(int16_t) ); data/segyio-1.8.3/lib/src/segy.c:1758:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( dst, cur, elemsize ); data/segyio-1.8.3/lib/src/segy.c:1784:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( dst, cur, elemsize ); data/segyio-1.8.3/lib/src/segy.c:1809:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( &v, src, elemsize ); data/segyio-1.8.3/lib/src/segy.c:1811:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( dst, &v, elemsize ); data/segyio-1.8.3/lib/src/segy.c:1823:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( &v, src, elemsize ); data/segyio-1.8.3/lib/src/segy.c:1825:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( dst, &v, elemsize ); data/segyio-1.8.3/lib/src/segy.c:1874:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( tracebuf, buf, elemsize * elems ); data/segyio-1.8.3/lib/src/segy.c:1904:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( cur, src, elemsize ); data/segyio-1.8.3/lib/src/segy.c:1930:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( cur, src, elemsize ); data/segyio-1.8.3/lib/src/segy.c:2173:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char localbuf[ SEGY_TEXT_HEADER_SIZE + 1 ] = { 0 }; data/segyio-1.8.3/lib/src/segy.c:2185:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mbuf[ SEGY_TEXT_HEADER_SIZE ]; data/segyio-1.8.3/lib/src/segy.c:2231:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char trheader[ SEGY_TRACE_HEADER_SIZE ]; data/segyio-1.8.3/lib/test/segy.cpp:192:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bin[ SEGY_BINARY_HEADER_SIZE ]; data/segyio-1.8.3/lib/test/segy.cpp:206:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char header[ SEGY_TRACE_HEADER_SIZE ]; data/segyio-1.8.3/lib/test/segy.cpp:1072:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char header[ SEGY_TRACE_HEADER_SIZE ]; data/segyio-1.8.3/lib/test/segy.cpp:1081:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char header[ SEGY_TRACE_HEADER_SIZE ]; data/segyio-1.8.3/lib/test/segy.cpp:1090:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char header[ SEGY_TRACE_HEADER_SIZE ]; data/segyio-1.8.3/lib/test/segy.cpp:1099:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char header[ SEGY_TRACE_HEADER_SIZE ]; data/segyio-1.8.3/lib/test/segy.cpp:1120:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char emptyhdr[ SEGY_TRACE_HEADER_SIZE ] = {}; data/segyio-1.8.3/lib/test/segy.cpp:1124:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char header[ SEGY_TRACE_HEADER_SIZE ] = {}; data/segyio-1.8.3/lib/test/segy.cpp:1161:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fresh[ SEGY_TRACE_HEADER_SIZE ] = {}; data/segyio-1.8.3/lib/test/segy.cpp:1286:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ascii[ SEGY_TEXT_HEADER_SIZE + 1 ] = {}; data/segyio-1.8.3/lib/test/segy.cpp:1323:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char header[ SEGY_BINARY_HEADER_SIZE ]; data/segyio-1.8.3/lib/test/segy.cpp:1439:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[ SEGY_TRACE_HEADER_SIZE ] = {}; data/segyio-1.8.3/lib/test/segy.cpp:1515:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char header[ SEGY_BINARY_HEADER_SIZE ]; data/segyio-1.8.3/lib/test/segy.cpp:1543:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char header[ SEGY_BINARY_HEADER_SIZE ]; data/segyio-1.8.3/lib/test/segy.cpp:1571:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char header[ SEGY_BINARY_HEADER_SIZE ]; data/segyio-1.8.3/lib/test/segyio-cpp.cpp:183:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f.open( "test-data/small.sgy"_path ); data/segyio-1.8.3/mex/segy_get_offsets_mex.c:58:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *fnames[nfields]; data/segyio-1.8.3/mex/segy_get_ps_line_mex.c:57:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *fnames[nfields]; data/segyio-1.8.3/mex/segy_get_traces_mex.c:24:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char binary[ SEGY_BINARY_HEADER_SIZE ]; data/segyio-1.8.3/mex/segy_put_headers_mex.c:23:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char traceheader[ SEGY_TRACE_HEADER_SIZE ]; data/segyio-1.8.3/mex/segy_read_write_line_mex.c:108:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *fnames[nfields]; data/segyio-1.8.3/mex/segy_read_write_ps_line_mex.c:118:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *fnames[nfields]; data/segyio-1.8.3/mex/segyspec_mex.c:9:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *fnames[nfields]; data/segyio-1.8.3/mex/segyspec_mex.c:150:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *fnames[nfields]; data/segyio-1.8.3/mex/segyutil.c:11:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(path_copy, path, size); data/segyio-1.8.3/mex/segyutil.c:30:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char header[ SEGY_BINARY_HEADER_SIZE ]; data/segyio-1.8.3/mex/segyutil.c:183:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char binary[SEGY_BINARY_HEADER_SIZE]; data/segyio-1.8.3/python/segyio/segyio.cpp:295:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char binary[ SEGY_BINARY_HEADER_SIZE ] = {}; data/segyio-1.8.3/python/segyio/segyio.cpp:459:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char header[ SEGY_TRACE_HEADER_SIZE ] = {}; data/segyio-1.8.3/python/segyio/segyio.cpp:618:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[ SEGY_BINARY_HEADER_SIZE ] = {}; data/segyio-1.8.3/python/segyio/segyio.cpp:1249:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[ SEGY_BINARY_HEADER_SIZE ]; data/segyio-1.8.3/external/catch2/catch/catch.hpp:9501:36: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). static_cast<void>(std::getchar()); data/segyio-1.8.3/external/catch2/catch/catch.hpp:9506:36: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). static_cast<void>(std::getchar()); data/segyio-1.8.3/external/catch2/catch/catch.hpp:9787:50: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. return s.size() >= prefix.size() && std::equal(prefix.begin(), prefix.end(), s.begin()); data/segyio-1.8.3/external/catch2/catch/catch.hpp:9793:50: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. return s.size() >= suffix.size() && std::equal(suffix.rbegin(), suffix.rend(), s.rbegin()); data/segyio-1.8.3/external/catch2/catch/catch.hpp:9867:67: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). : StringRef( rawChars, static_cast<StringRef::size_type>(std::strlen(rawChars) ) ) data/segyio-1.8.3/lib/src/segy.c:144:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen( ebcdic ); data/segyio-1.8.3/lib/src/segy.c:150:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen( ascii ); data/segyio-1.8.3/lib/src/segy.c:426:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy( binary_mode, mode, 3 ); data/segyio-1.8.3/lib/src/segy.c:428:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t mode_len = strlen( binary_mode ); data/segyio-1.8.3/lib/src/segy.c:447:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mbstowcs( wmode, binary_mode, strlen( binary_mode ) ); data/segyio-1.8.3/lib/src/segy.c:2175:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if( read != SEGY_TEXT_HEADER_SIZE ) return SEGY_FREAD_ERROR; data/segyio-1.8.3/mex/segy_read_write_line_mex.c:13:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool read; data/segyio-1.8.3/mex/segy_read_write_line_mex.c:55:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read) { data/segyio-1.8.3/mex/segy_read_write_ps_line_mex.c:47:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). const char* mode = read ? "rb" : "r+b"; data/segyio-1.8.3/mex/segy_read_write_ps_line_mex.c:59:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if( read ) { data/segyio-1.8.3/mex/segyutil.c:9:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t size = strlen(path) + 1; data/segyio-1.8.3/python/segyio/segyio.cpp:235:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if( std::strlen( mode ) == 0 ) { data/segyio-1.8.3/python/segyio/segyio.cpp:240:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if( std::strlen( mode ) > 3 ) { data/segyio-1.8.3/python/segyio/segyio.cpp:586:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const size_t len = std::strlen( buffer ); ANALYSIS SUMMARY: Hits = 156 Lines analyzed = 24918 in approximately 0.60 seconds (41464 lines/second) Physical Source Lines of Code (SLOC) = 18825 Hits@level = [0] 61 [1] 19 [2] 130 [3] 6 [4] 1 [5] 0 Hits@level+ = [0+] 217 [1+] 156 [2+] 137 [3+] 7 [4+] 1 [5+] 0 Hits/KSLOC@level+ = [0+] 11.5272 [1+] 8.28685 [2+] 7.27756 [3+] 0.371846 [4+] 0.0531208 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.