Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/suitename-0.3.070919+git20180613.ebb1325/suitename.c
Examining data/suitename-0.3.070919+git20180613.ebb1325/suitename.h
Examining data/suitename-0.3.070919+git20180613.ebb1325/suitenhead.h
Examining data/suitename-0.3.070919+git20180613.ebb1325/suiteninit.c
Examining data/suitename-0.3.070919+git20180613.ebb1325/suiteninit.h
Examining data/suitename-0.3.070919+git20180613.ebb1325/suiteninpt.c
Examining data/suitename-0.3.070919+git20180613.ebb1325/suiteninpt.h
Examining data/suitename-0.3.070919+git20180613.ebb1325/suitenout.c
Examining data/suitename-0.3.070919+git20180613.ebb1325/suitenout.h
Examining data/suitename-0.3.070919+git20180613.ebb1325/suitenscrt.c
Examining data/suitename-0.3.070919+git20180613.ebb1325/suitenscrt.h
Examining data/suitename-0.3.070919+git20180613.ebb1325/suitenutil.c
Examining data/suitename-0.3.070919+git20180613.ebb1325/suitenutil.h

FINAL RESULTS:

data/suitename-0.3.070919+git20180613.ebb1325/suitename.c:751:4: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(sour," %s:%s, %7.3f:%s, %7.3f: "
data/suitename-0.3.070919+git20180613.ebb1325/suitename.c:804:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(commentstr," 7D dist %s",bin[ibin].clst[thej].clustername);
data/suitename-0.3.070919+git20180613.ebb1325/suiteninit.c:272:10: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(NameStr,argv[i]); /*copy name into input file Name*/
data/suitename-0.3.070919+git20180613.ebb1325/suiteninpt.c:97:8: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(oldresidueptr->ptID[j],newresidueptr->ptID[j]);
data/suitename-0.3.070919+git20180613.ebb1325/suiteninpt.c:162:8: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(newresidueptr->ptID[j],ptID[j]);
data/suitename-0.3.070919+git20180613.ebb1325/suiteninpt.c:397:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(suiteptr->ptID,ptIDstr);
data/suitename-0.3.070919+git20180613.ebb1325/suiteninpt.c:442:13: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(texts,EOLO);
data/suitename-0.3.070919+git20180613.ebb1325/suitenout.c:32:6: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(temps,"{%s %s %s:D==%5.3f:S==%5.3f: %s} %s%s ,%7.2f,%7.2f,%7.2f,%7.2f,%7.2f,%7.2f,%7.2f,%7.2f,%7.2f",
data/suitename-0.3.070919+git20180613.ebb1325/suitenout.c:79:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(clststr,"%s%s",bin[ibin].clst[jclst].clustername,basestr);
data/suitename-0.3.070919+git20180613.ebb1325/suitenout.c:113:25: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  else if(Lcomment){sprintf(reason,"%s",commentstr);} /*070628*/
data/suitename-0.3.070919+git20180613.ebb1325/suitenout.c:346:16: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(ctrl,"{%s %s}"
data/suitename-0.3.070919+git20180613.ebb1325/suitenout.c:390:16: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(ctrl,"{%s %s}"
data/suitename-0.3.070919+git20180613.ebb1325/suitenscrt.c:43:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(stringtemp,thestring);/*leaving this routine forgets contents*/
data/suitename-0.3.070919+git20180613.ebb1325/suitenscrt.c:45:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(thestring,stringtemp);
data/suitename-0.3.070919+git20180613.ebb1325/suitenscrt.c:49:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tb->next,thestring);
data/suitename-0.3.070919+git20180613.ebb1325/suitenscrt.c:61:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(thestring,tb->cursor);
data/suitename-0.3.070919+git20180613.ebb1325/suitenscrt.c:121:13: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(alertstr,CRLF"+%d text block reallocation failed"CRLF
data/suitename-0.3.070919+git20180613.ebb1325/suitenscrt.c:125:13: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(alertstr,CRLF"text block allocation now == %ld"CRLF
data/suitename-0.3.070919+git20180613.ebb1325/suitename.c:37:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sour[32];
data/suitename-0.3.070919+git20180613.ebb1325/suitename.c:39:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ptmaster[4];
data/suitename-0.3.070919+git20180613.ebb1325/suitename.c:40:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ptcolor[16];
data/suitename-0.3.070919+git20180613.ebb1325/suitename.c:48:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(version,"suitename.0.4.130509 "); /* VERSION */
data/suitename-0.3.070919+git20180613.ebb1325/suitename.c:143:22: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(sour," tangled "); /*suite incomplete angles*/
data/suitename-0.3.070919+git20180613.ebb1325/suitename.c:271:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sour[32]; /*flag type of non-suiteness */
data/suitename-0.3.070919+git20180613.ebb1325/suitename.c:277:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ptmaster[4];
data/suitename-0.3.070919+git20180613.ebb1325/suitename.c:278:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ptcolor[16];
data/suitename-0.3.070919+git20180613.ebb1325/suitename.c:296:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  { sprintf(sour," e out "); LOK = 0;
data/suitename-0.3.070919+git20180613.ebb1325/suitename.c:297:29: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  Ltriage = EPSILONM; sprintf(ptmaster,"'E'");}
data/suitename-0.3.070919+git20180613.ebb1325/suitename.c:312:23: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  { puckerdm = 0; sprintf(sour," bad deltam "); LOK = 0;
data/suitename-0.3.070919+git20180613.ebb1325/suitename.c:313:27: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  Ltriage = DELTAM; sprintf(ptmaster,"'D'");}
data/suitename-0.3.070919+git20180613.ebb1325/suitename.c:328:22: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  { puckerd = 0; sprintf(sour," bad delta "); LOK = 0;
data/suitename-0.3.070919+git20180613.ebb1325/suitename.c:329:26: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  Ltriage = DELTA; sprintf(ptmaster,"'D'");}
data/suitename-0.3.070919+git20180613.ebb1325/suitename.c:332:10: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(sour," %1d%1d delta ",puckerdm,puckerd);
data/suitename-0.3.070919+git20180613.ebb1325/suitename.c:352:35: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  { gammaname = 'o'; LOK = 0; sprintf(sour," g out ");
data/suitename-0.3.070919+git20180613.ebb1325/suitename.c:353:26: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  Ltriage = GAMMA; sprintf(ptmaster,"'T'");}
data/suitename-0.3.070919+git20180613.ebb1325/suitename.c:364:17: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  {LOK = 0; sprintf(sour," a out ");
data/suitename-0.3.070919+git20180613.ebb1325/suitename.c:365:26: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  Ltriage = ALPHA; sprintf(ptmaster,"'T'");}
data/suitename-0.3.070919+git20180613.ebb1325/suitename.c:376:17: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  {LOK = 0; sprintf(sour," b out ");
data/suitename-0.3.070919+git20180613.ebb1325/suitename.c:377:25: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  Ltriage = BETA; sprintf(ptmaster,"'T'");}
data/suitename-0.3.070919+git20180613.ebb1325/suitename.c:388:17: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  {LOK = 0; sprintf(sour," z out ");
data/suitename-0.3.070919+git20180613.ebb1325/suitename.c:389:26: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  Ltriage = ZETAM; sprintf(ptmaster,"'T'");}
data/suitename-0.3.070919+git20180613.ebb1325/suitename.c:457:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(sour," ddg== %2d ",ddg);
data/suitename-0.3.070919+git20180613.ebb1325/suitename.c:486:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sour[96],sourness[64]; /*070311 accum report*/
data/suitename-0.3.070919+git20180613.ebb1325/suitename.c:490:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ptmaster[4];
data/suitename-0.3.070919+git20180613.ebb1325/suitename.c:493:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ptcolor[16];
data/suitename-0.3.070919+git20180613.ebb1325/suitename.c:604:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(sourness,"%d-only-one",matchcnt);
data/suitename-0.3.070919+git20180613.ebb1325/suitename.c:619:10: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(sourness,"%d-none-dom",matchcnt);
data/suitename-0.3.070919+git20180613.ebb1325/suitename.c:697:16: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(sourness,"%d-BETWEEN-dom-sat(%7.3f|%7.3f)"
data/suitename-0.3.070919+git20180613.ebb1325/suitename.c:709:16: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(sourness,"%d-OUTSIDE-dom-sat",matchcnt);
data/suitename-0.3.070919+git20180613.ebb1325/suitename.c:724:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(sourness,"%d-not-sat",matchcnt);
data/suitename-0.3.070919+git20180613.ebb1325/suitename.c:742:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(sourness,"outlier distance %.3f",closestd); /*070311*/
data/suitename-0.3.070919+git20180613.ebb1325/suitename.c:743:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(ptmaster,"'O'"); /*outlier within a bin*/
data/suitename-0.3.070919+git20180613.ebb1325/suitename.c:744:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(ptcolor," white"); /*leading space*/
data/suitename-0.3.070919+git20180613.ebb1325/suitename.c:791:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(commentstr," by 7Ddist"); /*070628*/
data/suitename-0.3.070919+git20180613.ebb1325/suitename.h:30:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  EXTERN char version[256];
data/suitename-0.3.070919+git20180613.ebb1325/suitename.h:34:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  EXTERN char texts[256];
data/suitename-0.3.070919+git20180613.ebb1325/suitename.h:37:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ptID[256];
data/suitename-0.3.070919+git20180613.ebb1325/suitename.h:38:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char basechr[2]; /*070412*/
data/suitename-0.3.070919+git20180613.ebb1325/suitename.h:55:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ptID[10][32];
data/suitename-0.3.070919+git20180613.ebb1325/suitename.h:56:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char basechr[2]; /*070412*/
data/suitename-0.3.070919+git20180613.ebb1325/suiteninit.c:81:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char numstr[256];
data/suitename-0.3.070919+git20180613.ebb1325/suiteninit.h:22:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[3];
data/suitename-0.3.070919+git20180613.ebb1325/suiteninit.h:27:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char doma[3]; /*dominant name -- bookkeeping 070506*/
data/suitename-0.3.070919+git20180613.ebb1325/suiteninit.h:45:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[3];
data/suitename-0.3.070919+git20180613.ebb1325/suiteninit.h:50:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char doma[3]; /*dominant name -- bookkeeping 070506*/
data/suitename-0.3.070919+git20180613.ebb1325/suiteninit.h:55:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  SUITENINIT char clusteraveragesversion[7];
data/suitename-0.3.070919+git20180613.ebb1325/suiteninit.h:58:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char clustername[3]; /*2char designation of consensus names*/
data/suitename-0.3.070919+git20180613.ebb1325/suiteninit.h:60:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char status[8]; /*certain OR wannabe, triaged,outlier,nothing,incompl*/
data/suitename-0.3.070919+git20180613.ebb1325/suiteninit.h:61:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char clustercolor[12]; /*std kinemage color names, 12 char sufficient*/
data/suitename-0.3.070919+git20180613.ebb1325/suiteninit.h:62:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char domsatness[4]; /*dom.inant, sat.ellite, ord.inary, out,tri,inc*/
data/suitename-0.3.070919+git20180613.ebb1325/suiteninit.h:69:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char binname[5]; /*4char designation of bin, trig,33 p, ... */
data/suitename-0.3.070919+git20180613.ebb1325/suiteninit.h:75:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char clusteraveragesversion[7] = {"070506"};
data/suitename-0.3.070919+git20180613.ebb1325/suiteninit.h:326:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char clusterhalfwidthsversion[7];
data/suitename-0.3.070919+git20180613.ebb1325/suiteninit.h:348:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char axeslimitsversion[7];
data/suitename-0.3.070919+git20180613.ebb1325/suiteninit.h:390:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  SUITENINIT char NameStr[256],altID[2]; /* last variable added by S.J. 01/07/2014*/
data/suitename-0.3.070919+git20180613.ebb1325/suiteninpt.c:187:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char numstr[256];
data/suitename-0.3.070919+git20180613.ebb1325/suiteninpt.c:261:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char numstr[256];
data/suitename-0.3.070919+git20180613.ebb1325/suiteninpt.c:347:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char numstr[256];
data/suitename-0.3.070919+git20180613.ebb1325/suiteninpt.c:349:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ptIDstr[256];
data/suitename-0.3.070919+git20180613.ebb1325/suiteninpt.c:350:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char basechr[2]; /*070412*/
data/suitename-0.3.070919+git20180613.ebb1325/suiteninpt.c:488:23: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  float floatfromstr(char ins[256])
data/suitename-0.3.070919+git20180613.ebb1325/suiteninpt.c:491:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[256];
data/suitename-0.3.070919+git20180613.ebb1325/suiteninpt.h:8:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char ptID[10][32];
data/suitename-0.3.070919+git20180613.ebb1325/suiteninpt.h:9:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char basechr[2];
data/suitename-0.3.070919+git20180613.ebb1325/suiteninpt.h:18:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ptID[10][32];
data/suitename-0.3.070919+git20180613.ebb1325/suiteninpt.h:19:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char basechr[2];
data/suitename-0.3.070919+git20180613.ebb1325/suitenout.c:16:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char resstr[32];
data/suitename-0.3.070919+git20180613.ebb1325/suitenout.c:17:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char basestr[2]={'\0','\0'};
data/suitename-0.3.070919+git20180613.ebb1325/suitenout.c:18:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char clststr[4]={'\0','\0','\0','\0'};
data/suitename-0.3.070919+git20180613.ebb1325/suitenout.c:19:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char lappedstr[256]={'\0'};
data/suitename-0.3.070919+git20180613.ebb1325/suitenout.c:20:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char reason[16]; /*used in report: reason for triage*/
data/suitename-0.3.070919+git20180613.ebb1325/suitenout.c:21:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char stray[16]; /*used in report: stray wannabe*/
data/suitename-0.3.070919+git20180613.ebb1325/suitenout.c:22:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sourpuss[1]; /*070524*/
data/suitename-0.3.070919+git20180613.ebb1325/suitenout.c:106:32: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  if(Ltriage==EPSILONM) {sprintf(reason," epsilon-1");} /*070628*/
data/suitename-0.3.070919+git20180613.ebb1325/suitenout.c:107:32: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  else if(Ltriage==DELTAM){sprintf(reason," delta-1");} /*070628*/
data/suitename-0.3.070919+git20180613.ebb1325/suitenout.c:108:32: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  else if(Ltriage==DELTA) {sprintf(reason," delta");} /*070628*/
data/suitename-0.3.070919+git20180613.ebb1325/suitenout.c:109:32: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  else if(Ltriage==GAMMA) {sprintf(reason," gamma");} /*070521*/
data/suitename-0.3.070919+git20180613.ebb1325/suitenout.c:110:32: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  else if(Ltriage==BETA) {sprintf(reason," beta");} /*070521*/
data/suitename-0.3.070919+git20180613.ebb1325/suitenout.c:111:32: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  else if(Ltriage==ALPHA) {sprintf(reason," alpha");} /*070521*/
data/suitename-0.3.070919+git20180613.ebb1325/suitenout.c:112:32: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  else if(Ltriage==ZETAM) {sprintf(reason," zeta-1");} /*070628*/
data/suitename-0.3.070919+git20180613.ebb1325/suitenout.c:114:22: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  if(Liswannabe){sprintf(stray," wannabe");} /*070525*/
data/suitename-0.3.070919+git20180613.ebb1325/suitenout.c:178:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char comment[256];
data/suitename-0.3.070919+git20180613.ebb1325/suitenout.c:191:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(comment,"For all");
data/suitename-0.3.070919+git20180613.ebb1325/suitenout.c:200:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(comment," A form (1a)");
data/suitename-0.3.070919+git20180613.ebb1325/suitenout.c:209:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(comment," non-1a has");
data/suitename-0.3.070919+git20180613.ebb1325/suitenout.c:252:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char commentstr[128];
data/suitename-0.3.070919+git20180613.ebb1325/suitenout.c:256:8: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(commentstr,
data/suitename-0.3.070919+git20180613.ebb1325/suitenout.c:261:8: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(commentstr,
data/suitename-0.3.070919+git20180613.ebb1325/suitenout.c:322:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ctrl[10]; /* 7 actual characters in curly braces*/
data/suitename-0.3.070919+git20180613.ebb1325/suitenout.c:323:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char extras[32];
data/suitename-0.3.070919+git20180613.ebb1325/suitenout.c:338:19: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(extras," master= {wannabees}");
data/suitename-0.3.070919+git20180613.ebb1325/suitenout.c:407:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char scrts[256];
data/suitename-0.3.070919+git20180613.ebb1325/suitenout.c:484:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temps[256];
data/suitename-0.3.070919+git20180613.ebb1325/suitenout.h:22:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  SUITENOUT char commentstr[16]; /*and Lcomment 070628*/
data/suitename-0.3.070919+git20180613.ebb1325/suitenout.h:39:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  SUITENOUT char temps[256];
data/suitename-0.3.070919+git20180613.ebb1325/suitenscrt.c:38:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char stringtemp[256];
data/suitename-0.3.070919+git20180613.ebb1325/suitenscrt.h:13:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  SCRATCH char alertstr[256];
data/suitename-0.3.070919+git20180613.ebb1325/suiteninpt.c:213:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(ptID[n]) == 3)
data/suitename-0.3.070919+git20180613.ebb1325/suiteninpt.c:291:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(ptID[n]) == 3)
data/suitename-0.3.070919+git20180613.ebb1325/suiteninpt.c:435:19: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((c = fgetc(fpin)) != EOF)
data/suitename-0.3.070919+git20180613.ebb1325/suitenscrt.c:41:42: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if( (unsigned)(tb->end - tb->next) < strlen(thestring)+8 ) /*give some slack*/
data/suitename-0.3.070919+git20180613.ebb1325/suitenscrt.c:47:42: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if( (unsigned)(tb->end - tb->next) > strlen(thestring) ) /*insurance */
data/suitename-0.3.070919+git20180613.ebb1325/suitenscrt.c:50:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tb->next += strlen(tb->next) + 1;
data/suitename-0.3.070919+git20180613.ebb1325/suitenscrt.c:62:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tb->cursor += strlen(tb->cursor) + 1;
data/suitename-0.3.070919+git20180613.ebb1325/suitenutil.c:137:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  max = strlen(arg);

ANALYSIS SUMMARY:

Hits = 125
Lines analyzed = 3254 in approximately 0.15 seconds (21015 lines/second)
Physical Source Lines of Code (SLOC) = 2514
Hits@level = [0] 138 [1] 8 [2] 99 [3] 0 [4] 18 [5] 0
Hits@level+ = [0+] 263 [1+] 125 [2+] 117 [3+] 18 [4+] 18 [5+] 0
Hits/KSLOC@level+ = [0+] 104.614 [1+] 49.7216 [2+] 46.5394 [3+] 7.1599 [4+] 7.1599 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.