Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/suitename-0.3.070919+git20180613.ebb1325/suitename.c
Examining data/suitename-0.3.070919+git20180613.ebb1325/suitename.h
Examining data/suitename-0.3.070919+git20180613.ebb1325/suitenhead.h
Examining data/suitename-0.3.070919+git20180613.ebb1325/suiteninit.c
Examining data/suitename-0.3.070919+git20180613.ebb1325/suiteninit.h
Examining data/suitename-0.3.070919+git20180613.ebb1325/suiteninpt.c
Examining data/suitename-0.3.070919+git20180613.ebb1325/suiteninpt.h
Examining data/suitename-0.3.070919+git20180613.ebb1325/suitenout.c
Examining data/suitename-0.3.070919+git20180613.ebb1325/suitenout.h
Examining data/suitename-0.3.070919+git20180613.ebb1325/suitenscrt.c
Examining data/suitename-0.3.070919+git20180613.ebb1325/suitenscrt.h
Examining data/suitename-0.3.070919+git20180613.ebb1325/suitenutil.c
Examining data/suitename-0.3.070919+git20180613.ebb1325/suitenutil.h

FINAL RESULTS:

data/suitename-0.3.070919+git20180613.ebb1325/suitename.c:751:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
   sprintf(sour," %s:%s, %7.3f:%s, %7.3f: "
data/suitename-0.3.070919+git20180613.ebb1325/suitename.c:804:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(commentstr," 7D dist %s",bin[ibin].clst[thej].clustername);
data/suitename-0.3.070919+git20180613.ebb1325/suiteninit.c:272:10:  [4] (buffer) strcpy:
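  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  Triage note: the quoted line copies a command-line argument (argv[i]) into
  NameStr, which is declared as a 256-byte array (suiteninit.h:390). Unless
  the length is checked before this line, an argument of 256 or more
  characters writes past the end of the array. A bounded copy such as
  snprintf(NameStr, sizeof NameStr, "%s", argv[i]), with the return value
  checked for truncation, closes this.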
         strcpy(NameStr,argv[i]); /*copy name into input file Name*/
data/suitename-0.3.070919+git20180613.ebb1325/suiteninpt.c:97:8:  [4] (buffer) strcpy:
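  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  Triage note: both operands are ptID[j] rows. The two-dimensional ptID
  declarations in this report (suitename.h:55, suiteninpt.h:8 and 18) are all
  [10][32], so source and destination rows would be the same 32 bytes and the
  copy stays in bounds provided the source row is NUL-terminated and j is
  below 10. The struct types behind the two pointers are not shown here, so
  confirm against the headers; the same reasoning applies to the copy from
  ptID[j] at suiteninpt.c:162.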
       strcpy(oldresidueptr->ptID[j],newresidueptr->ptID[j]);
data/suitename-0.3.070919+git20180613.ebb1325/suiteninpt.c:162:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
       strcpy(newresidueptr->ptID[j],ptID[j]);
data/suitename-0.3.070919+git20180613.ebb1325/suiteninpt.c:397:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(suiteptr->ptID,ptIDstr);
data/suitename-0.3.070919+git20180613.ebb1325/suiteninpt.c:442:13:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
            strcat(texts,EOLO);
data/suitename-0.3.070919+git20180613.ebb1325/suitenout.c:32:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
     sprintf(temps,"{%s %s %s:D==%5.3f:S==%5.3f: %s} %s%s ,%7.2f,%7.2f,%7.2f,%7.2f,%7.2f,%7.2f,%7.2f,%7.2f,%7.2f",
data/suitename-0.3.070919+git20180613.ebb1325/suitenout.c:79:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(clststr,"%s%s",bin[ibin].clst[jclst].clustername,basestr);
data/suitename-0.3.070919+git20180613.ebb1325/suitenout.c:113:25:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      else if(Lcomment){sprintf(reason,"%s",commentstr);} /*070628*/
data/suitename-0.3.070919+git20180613.ebb1325/suitenout.c:346:16:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
               sprintf(ctrl,"{%s %s}"
data/suitename-0.3.070919+git20180613.ebb1325/suitenout.c:390:16:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
               sprintf(ctrl,"{%s %s}"
data/suitename-0.3.070919+git20180613.ebb1325/suitenscrt.c:43:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(stringtemp,thestring);/*leaving this routine forgets contents*/
data/suitename-0.3.070919+git20180613.ebb1325/suitenscrt.c:45:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(thestring,stringtemp);
data/suitename-0.3.070919+git20180613.ebb1325/suitenscrt.c:49:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(tb->next,thestring);
data/suitename-0.3.070919+git20180613.ebb1325/suitenscrt.c:61:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(thestring,tb->cursor);
data/suitename-0.3.070919+git20180613.ebb1325/suitenscrt.c:121:13:  [4] (format) sprintf:
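  Potential format string problem (CWE-134). Make format string constant.
  Triage note: the format shown is the CRLF macro followed by adjacent string
  literals, which suggests CRLF expands to a string literal; if so, the format
  is already constant and this hit (and the matching one at
  suitenscrt.c:125) is a false positive for CWE-134. The call is still an
  unbounded sprintf, and alertstr's size is not shown in this part of the
  report.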
            sprintf(alertstr,CRLF"+%d text block reallocation failed"CRLF
data/suitename-0.3.070919+git20180613.ebb1325/suitenscrt.c:125:13:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
            sprintf(alertstr,CRLF"text block allocation now == %ld"CRLF
data/suitename-0.3.070919+git20180613.ebb1325/suitename.c:37:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char sour[32];
data/suitename-0.3.070919+git20180613.ebb1325/suitename.c:39:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char ptmaster[4];
data/suitename-0.3.070919+git20180613.ebb1325/suitename.c:40:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char ptcolor[16];
data/suitename-0.3.070919+git20180613.ebb1325/suitename.c:48:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
   sprintf(version,"suitename.0.4.130509 ");  /*  VERSION  */
data/suitename-0.3.070919+git20180613.ebb1325/suitename.c:143:22:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                     sprintf(sour," tangled "); /*suite incomplete angles*/
data/suitename-0.3.070919+git20180613.ebb1325/suitename.c:271:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char sour[32];      /*flag type of non-suiteness */
data/suitename-0.3.070919+git20180613.ebb1325/suitename.c:277:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char ptmaster[4];
data/suitename-0.3.070919+git20180613.ebb1325/suitename.c:278:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char ptcolor[16];
data/suitename-0.3.070919+git20180613.ebb1325/suitename.c:296:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      { sprintf(sour," e out  "); LOK = 0;
data/suitename-0.3.070919+git20180613.ebb1325/suitename.c:297:29:  [2] (buffer) sprintf:
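  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  Triage note: the literal "'E'" is three characters plus the terminating
  NUL, which exactly fills ptmaster, declared as char[4] at every place it
  appears in this report (suitename.c:39, 277, 490). The write fits, but with
  no spare byte, so a tag even one character longer would overflow.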
        Ltriage = EPSILONM; sprintf(ptmaster,"'E'");}
data/suitename-0.3.070919+git20180613.ebb1325/suitename.c:312:23:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      { puckerdm = 0; sprintf(sour," bad deltam "); LOK = 0;
data/suitename-0.3.070919+git20180613.ebb1325/suitename.c:313:27:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        Ltriage = DELTAM; sprintf(ptmaster,"'D'");}
data/suitename-0.3.070919+git20180613.ebb1325/suitename.c:328:22:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      { puckerd = 0; sprintf(sour," bad delta "); LOK = 0;
data/suitename-0.3.070919+git20180613.ebb1325/suitename.c:329:26:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        Ltriage = DELTA; sprintf(ptmaster,"'D'");}
data/suitename-0.3.070919+git20180613.ebb1325/suitename.c:332:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
         sprintf(sour," %1d%1d delta ",puckerdm,puckerd);
data/suitename-0.3.070919+git20180613.ebb1325/suitename.c:352:35:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      { gammaname = 'o'; LOK = 0; sprintf(sour," g out  ");
data/suitename-0.3.070919+git20180613.ebb1325/suitename.c:353:26:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        Ltriage = GAMMA; sprintf(ptmaster,"'T'");}
data/suitename-0.3.070919+git20180613.ebb1325/suitename.c:364:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      {LOK = 0; sprintf(sour," a out  ");
data/suitename-0.3.070919+git20180613.ebb1325/suitename.c:365:26:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        Ltriage = ALPHA; sprintf(ptmaster,"'T'");}
data/suitename-0.3.070919+git20180613.ebb1325/suitename.c:376:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      {LOK = 0; sprintf(sour," b out  ");
data/suitename-0.3.070919+git20180613.ebb1325/suitename.c:377:25:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        Ltriage = BETA; sprintf(ptmaster,"'T'");}
data/suitename-0.3.070919+git20180613.ebb1325/suitename.c:388:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      {LOK = 0; sprintf(sour," z out  ");
data/suitename-0.3.070919+git20180613.ebb1325/suitename.c:389:26:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        Ltriage = ZETAM; sprintf(ptmaster,"'T'");}
data/suitename-0.3.070919+git20180613.ebb1325/suitename.c:457:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(sour," ddg== %2d ",ddg);
data/suitename-0.3.070919+git20180613.ebb1325/suitename.c:486:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char sour[96],sourness[64]; /*070311 accum report*/
data/suitename-0.3.070919+git20180613.ebb1325/suitename.c:490:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char ptmaster[4];
data/suitename-0.3.070919+git20180613.ebb1325/suitename.c:493:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char ptcolor[16];
data/suitename-0.3.070919+git20180613.ebb1325/suitename.c:604:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(sourness,"%d-only-one",matchcnt);
data/suitename-0.3.070919+git20180613.ebb1325/suitename.c:619:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
         sprintf(sourness,"%d-none-dom",matchcnt);
data/suitename-0.3.070919+git20180613.ebb1325/suitename.c:697:16:  [2] (buffer) sprintf:
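  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  Triage note: the format has no %s, but its %d and %7.3f conversions still
  produce output whose length depends on the values (7 is a minimum field
  width, not a cap). The only sourness declaration in this report is 64 bytes
  (suitename.c:486), so the low-risk rating holds only if the formatted
  values stay small; snprintf(sourness, sizeof sourness, ...) removes that
  dependence.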
               sprintf(sourness,"%d-BETWEEN-dom-sat(%7.3f|%7.3f)"
data/suitename-0.3.070919+git20180613.ebb1325/suitename.c:709:16:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
               sprintf(sourness,"%d-OUTSIDE-dom-sat",matchcnt);
data/suitename-0.3.070919+git20180613.ebb1325/suitename.c:724:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(sourness,"%d-not-sat",matchcnt);
data/suitename-0.3.070919+git20180613.ebb1325/suitename.c:742:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(sourness,"outlier distance %.3f",closestd); /*070311*/
data/suitename-0.3.070919+git20180613.ebb1325/suitename.c:743:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(ptmaster,"'O'"); /*outlier within a bin*/
data/suitename-0.3.070919+git20180613.ebb1325/suitename.c:744:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(ptcolor," white"); /*leading space*/
data/suitename-0.3.070919+git20180613.ebb1325/suitename.c:791:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(commentstr," by 7Ddist"); /*070628*/
data/suitename-0.3.070919+git20180613.ebb1325/suitename.h:30:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
EXTERN char  version[256];
data/suitename-0.3.070919+git20180613.ebb1325/suitename.h:34:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
EXTERN char  texts[256];
data/suitename-0.3.070919+git20180613.ebb1325/suitename.h:37:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char  ptID[256];
data/suitename-0.3.070919+git20180613.ebb1325/suitename.h:38:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char  basechr[2];  /*070412*/
data/suitename-0.3.070919+git20180613.ebb1325/suitename.h:55:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char  ptID[10][32];
data/suitename-0.3.070919+git20180613.ebb1325/suitename.h:56:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char  basechr[2];  /*070412*/
data/suitename-0.3.070919+git20180613.ebb1325/suiteninit.c:81:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char numstr[256];
data/suitename-0.3.070919+git20180613.ebb1325/suiteninit.h:22:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char name[3];
data/suitename-0.3.070919+git20180613.ebb1325/suiteninit.h:27:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char doma[3]; /*dominant name -- bookkeeping 070506*/
data/suitename-0.3.070919+git20180613.ebb1325/suiteninit.h:45:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char name[3];
data/suitename-0.3.070919+git20180613.ebb1325/suiteninit.h:50:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char doma[3]; /*dominant name -- bookkeeping 070506*/
data/suitename-0.3.070919+git20180613.ebb1325/suiteninit.h:55:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
SUITENINIT char   clusteraveragesversion[7];
data/suitename-0.3.070919+git20180613.ebb1325/suiteninit.h:58:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char  clustername[3]; /*2char designation of consensus names*/
data/suitename-0.3.070919+git20180613.ebb1325/suiteninit.h:60:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char  status[8]; /*certain OR wannabe, triaged,outlier,nothing,incompl*/
data/suitename-0.3.070919+git20180613.ebb1325/suiteninit.h:61:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char  clustercolor[12]; /*std kinemage color names, 12 char sufficient*/
data/suitename-0.3.070919+git20180613.ebb1325/suiteninit.h:62:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char  domsatness[4];  /*dom.inant, sat.ellite, ord.inary, out,tri,inc*/ 
data/suitename-0.3.070919+git20180613.ebb1325/suiteninit.h:69:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char   binname[5]; /*4char designation of bin, trig,33 p, ...  */
data/suitename-0.3.070919+git20180613.ebb1325/suiteninit.h:75:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char   clusteraveragesversion[7] = {"070506"};
data/suitename-0.3.070919+git20180613.ebb1325/suiteninit.h:326:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char clusterhalfwidthsversion[7];
data/suitename-0.3.070919+git20180613.ebb1325/suiteninit.h:348:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char axeslimitsversion[7];
data/suitename-0.3.070919+git20180613.ebb1325/suiteninit.h:390:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
SUITENINIT char  NameStr[256],altID[2]; /* last variable added by S.J. 01/07/2014*/
data/suitename-0.3.070919+git20180613.ebb1325/suiteninpt.c:187:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char numstr[256];
data/suitename-0.3.070919+git20180613.ebb1325/suiteninpt.c:261:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char numstr[256];
data/suitename-0.3.070919+git20180613.ebb1325/suiteninpt.c:347:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char numstr[256];
data/suitename-0.3.070919+git20180613.ebb1325/suiteninpt.c:349:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char ptIDstr[256];
data/suitename-0.3.070919+git20180613.ebb1325/suiteninpt.c:350:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char basechr[2];  /*070412*/
data/suitename-0.3.070919+git20180613.ebb1325/suiteninpt.c:488:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
float    floatfromstr(char ins[256])
data/suitename-0.3.070919+git20180613.ebb1325/suiteninpt.c:491:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char         s[256];
data/suitename-0.3.070919+git20180613.ebb1325/suiteninpt.h:8:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char  ptID[10][32];
data/suitename-0.3.070919+git20180613.ebb1325/suiteninpt.h:9:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char  basechr[2];
data/suitename-0.3.070919+git20180613.ebb1325/suiteninpt.h:18:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char  ptID[10][32];
data/suitename-0.3.070919+git20180613.ebb1325/suiteninpt.h:19:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char  basechr[2];
data/suitename-0.3.070919+git20180613.ebb1325/suitenout.c:16:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char resstr[32];
data/suitename-0.3.070919+git20180613.ebb1325/suitenout.c:17:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char basestr[2]={'\0','\0'};
data/suitename-0.3.070919+git20180613.ebb1325/suitenout.c:18:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char clststr[4]={'\0','\0','\0','\0'};
data/suitename-0.3.070919+git20180613.ebb1325/suitenout.c:19:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   static char lappedstr[256]={'\0'};
data/suitename-0.3.070919+git20180613.ebb1325/suitenout.c:20:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char reason[16]; /*used in report: reason for triage*/
data/suitename-0.3.070919+git20180613.ebb1325/suitenout.c:21:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char stray[16]; /*used in report: stray wannabe*/
data/suitename-0.3.070919+git20180613.ebb1325/suitenout.c:22:4:  [2] (buffer) char:
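  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length. Note: a one-element char array has room only for
  the terminating NUL, so any non-empty string copied or formatted into it
  overflows; check how sourpuss is written to.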
   char  sourpuss[1]; /*070524*/
data/suitename-0.3.070919+git20180613.ebb1325/suitenout.c:106:32:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      if(Ltriage==EPSILONM)   {sprintf(reason," epsilon-1");} /*070628*/
data/suitename-0.3.070919+git20180613.ebb1325/suitenout.c:107:32:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      else if(Ltriage==DELTAM){sprintf(reason," delta-1");} /*070628*/
data/suitename-0.3.070919+git20180613.ebb1325/suitenout.c:108:32:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      else if(Ltriage==DELTA) {sprintf(reason," delta");} /*070628*/
data/suitename-0.3.070919+git20180613.ebb1325/suitenout.c:109:32:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      else if(Ltriage==GAMMA) {sprintf(reason," gamma");} /*070521*/
data/suitename-0.3.070919+git20180613.ebb1325/suitenout.c:110:32:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      else if(Ltriage==BETA)  {sprintf(reason," beta");} /*070521*/
data/suitename-0.3.070919+git20180613.ebb1325/suitenout.c:111:32:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      else if(Ltriage==ALPHA) {sprintf(reason," alpha");} /*070521*/
data/suitename-0.3.070919+git20180613.ebb1325/suitenout.c:112:32:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      else if(Ltriage==ZETAM) {sprintf(reason," zeta-1");} /*070628*/
data/suitename-0.3.070919+git20180613.ebb1325/suitenout.c:114:22:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      if(Liswannabe){sprintf(stray," wannabe");} /*070525*/
data/suitename-0.3.070919+git20180613.ebb1325/suitenout.c:178:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char   comment[256];
data/suitename-0.3.070919+git20180613.ebb1325/suitenout.c:191:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(comment,"For all");
data/suitename-0.3.070919+git20180613.ebb1325/suitenout.c:200:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(comment," A form (1a)");
data/suitename-0.3.070919+git20180613.ebb1325/suitenout.c:209:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(comment," non-1a  has");
data/suitename-0.3.070919+git20180613.ebb1325/suitenout.c:252:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char commentstr[128];
data/suitename-0.3.070919+git20180613.ebb1325/suitenout.c:256:8:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
       sprintf(commentstr,
data/suitename-0.3.070919+git20180613.ebb1325/suitenout.c:261:8:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
       sprintf(commentstr,
data/suitename-0.3.070919+git20180613.ebb1325/suitenout.c:322:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char  ctrl[10]; /* 7 actual characters in curly braces*/
data/suitename-0.3.070919+git20180613.ebb1325/suitenout.c:323:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char  extras[32];
data/suitename-0.3.070919+git20180613.ebb1325/suitenout.c:338:19:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                  sprintf(extras," master= {wannabees}");
data/suitename-0.3.070919+git20180613.ebb1325/suitenout.c:407:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char scrts[256];
data/suitename-0.3.070919+git20180613.ebb1325/suitenout.c:484:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char temps[256];
data/suitename-0.3.070919+git20180613.ebb1325/suitenout.h:22:11:  [2] (buffer) char:
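  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length. Note: suitenout.c:252 declares a local
  char commentstr[128] with the same name; confirm for each write to
  commentstr whether it targets that local or this 16-byte object.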
SUITENOUT char commentstr[16]; /*and Lcomment  070628*/
data/suitename-0.3.070919+git20180613.ebb1325/suitenout.h:39:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
SUITENOUT char temps[256];
data/suitename-0.3.070919+git20180613.ebb1325/suitenscrt.c:38:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char stringtemp[256];
data/suitename-0.3.070919+git20180613.ebb1325/suitenscrt.h:13:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
SCRATCH  char alertstr[256];
data/suitename-0.3.070919+git20180613.ebb1325/suiteninpt.c:213:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                     if(strlen(ptID[n]) == 3)
data/suitename-0.3.070919+git20180613.ebb1325/suiteninpt.c:291:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                     if(strlen(ptID[n]) == 3)
data/suitename-0.3.070919+git20180613.ebb1325/suiteninpt.c:435:19:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      while ((c = fgetc(fpin)) != EOF)
data/suitename-0.3.070919+git20180613.ebb1325/suitenscrt.c:41:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( (unsigned)(tb->end - tb->next) < strlen(thestring)+8 ) /*give some slack*/
data/suitename-0.3.070919+git20180613.ebb1325/suitenscrt.c:47:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( (unsigned)(tb->end - tb->next) > strlen(thestring) ) /*insurance */
data/suitename-0.3.070919+git20180613.ebb1325/suitenscrt.c:50:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        tb->next += strlen(tb->next) + 1;
data/suitename-0.3.070919+git20180613.ebb1325/suitenscrt.c:62:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        tb->cursor += strlen(tb->cursor) + 1;
data/suitename-0.3.070919+git20180613.ebb1325/suitenutil.c:137:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   max = strlen(arg);

ANALYSIS SUMMARY:

Hits = 125
Lines analyzed = 3254 in approximately 0.15 seconds (21015 lines/second)
Physical Source Lines of Code (SLOC) = 2514
Hits@level = [0] 138 [1]   8 [2]  99 [3]   0 [4]  18 [5]   0
Hits@level+ = [0+] 263 [1+] 125 [2+] 117 [3+]  18 [4+]  18 [5+]   0
Hits/KSLOC@level+ = [0+] 104.614 [1+] 49.7216 [2+] 46.5394 [3+] 7.1599 [4+] 7.1599 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
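Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
Note: for triage, start with the 18 level-4 hits; the level-2 char hits
mark fixed-size declarations only, so each needs the writes into that
buffer traced before it can be judged.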
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.