Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/tcl-fitstcl-2.4/fitsCmds.c
Examining data/tcl-fitstcl-2.4/fitsTcl.c
Examining data/tcl-fitstcl-2.4/fitsTcl.h
Examining data/tcl-fitstcl-2.4/fitsTclInt.h
Examining data/tcl-fitstcl-2.4/fitsUtils.c
Examining data/tcl-fitstcl-2.4/fvTcl.c
Examining data/tcl-fitstcl-2.4/tclShared.c
Examining data/tcl-fitstcl-2.4/eval_defs.h
Examining data/tcl-fitstcl-2.4/eval_tab.h
Examining data/tcl-fitstcl-2.4/fitsInit.c
Examining data/tcl-fitstcl-2.4/fitsIO.c
FINAL RESULTS:
data/tcl-fitstcl-2.4/fitsCmds.c:1082:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(outfile, argv[6]);
data/tcl-fitstcl-2.4/fitsCmds.c:1115:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dest, argv[5]);
data/tcl-fitstcl-2.4/fitsCmds.c:2809:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
sscanf(addStr,PTRFORMAT,&databuff);
data/tcl-fitstcl-2.4/fitsCmds.c:3400:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( wtcol, Tcl_GetStringFromObj( argv[argNum], NULL ) );
data/tcl-fitstcl-2.4/fitsCmds.c:3499:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( colname[i], opt );
data/tcl-fitstcl-2.4/fitsCmds.c:3513:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( minname[i], opt );
data/tcl-fitstcl-2.4/fitsCmds.c:3529:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( maxname[i], opt );
data/tcl-fitstcl-2.4/fitsCmds.c:3545:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( binname[i], opt );
data/tcl-fitstcl-2.4/fitsCmds.c:3836:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(outfile, opt );
data/tcl-fitstcl-2.4/fitsCmds.c:3946:8: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(strtemp,curFile->fileName);
data/tcl-fitstcl-2.4/fitsCmds.c:3964:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(strtemp,curFile->fileName);
data/tcl-fitstcl-2.4/fitsIO.c:185:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(curFile->CHDUInfo.image.blank, tmpKwd->value);
data/tcl-fitstcl-2.4/fitsIO.c:220:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(curFile->CHDUInfo.table.colDisp[i], tmpKwd->value);
data/tcl-fitstcl-2.4/fitsIO.c:229:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(curFile->CHDUInfo.table.colNull[i], tmpKwd->value);
data/tcl-fitstcl-2.4/fitsIO.c:289:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(testChar, p);
data/tcl-fitstcl-2.4/fitsIO.c:409:19: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(testChar, p);
data/tcl-fitstcl-2.4/fitsIO.c:632:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(hisCard->value,Comment);
data/tcl-fitstcl-2.4/fitsIO.c:636:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(hisCard->value,Comment);
data/tcl-fitstcl-2.4/fitsIO.c:652:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(comCard->value,Comment);
data/tcl-fitstcl-2.4/fitsIO.c:656:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(comCard->value,Comment);
data/tcl-fitstcl-2.4/fitsIO.c:665:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newKwd->name,Name);
data/tcl-fitstcl-2.4/fitsIO.c:666:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newKwd->value,Value);
data/tcl-fitstcl-2.4/fitsIO.c:667:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newKwd->comment,Comment);
data/tcl-fitstcl-2.4/fitsIO.c:1253:4: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
sscanf( Tcl_GetStringResult(curFile->interp),
data/tcl-fitstcl-2.4/fitsIO.c:1277:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(result, PTRFORMAT " %d %ld", backPtr, FLOAT_DATA, nCols);
data/tcl-fitstcl-2.4/fitsIO.c:1291:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(result, PTRFORMAT " %d %ld", backPtr, FLOAT_DATA, nCols);
data/tcl-fitstcl-2.4/fitsIO.c:1305:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(result, PTRFORMAT " %d %ld", backPtr, FLOAT_DATA, nCols);
data/tcl-fitstcl-2.4/fitsIO.c:1319:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(result, PTRFORMAT " %d %ld", backPtr, FLOAT_DATA, nCols);
data/tcl-fitstcl-2.4/fitsIO.c:1333:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(result, PTRFORMAT " %d %ld", backPtr, DOUBLE_DATA, nCols);
data/tcl-fitstcl-2.4/fitsIO.c:1347:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(result, PTRFORMAT " %d %ld", backPtr, LONGLONG_DATA, nCols);
data/tcl-fitstcl-2.4/fitsIO.c:1409:4: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
sscanf( Tcl_GetStringResult(curFile->interp),
data/tcl-fitstcl-2.4/fitsIO.c:1433:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(result, PTRFORMAT " %d %ld", backPtr, FLOAT_DATA, nRows);
data/tcl-fitstcl-2.4/fitsIO.c:1447:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(result, PTRFORMAT " %d %ld", backPtr, FLOAT_DATA, nRows);
data/tcl-fitstcl-2.4/fitsIO.c:1461:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(result, PTRFORMAT " %d %ld", backPtr, FLOAT_DATA, nRows);
data/tcl-fitstcl-2.4/fitsIO.c:1475:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(result, PTRFORMAT " %d %ld", backPtr, FLOAT_DATA, nRows);
data/tcl-fitstcl-2.4/fitsIO.c:1489:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(result, PTRFORMAT " %d %ld", backPtr, DOUBLE_DATA, nRows);
data/tcl-fitstcl-2.4/fitsIO.c:1503:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(result, PTRFORMAT " %d %ld", backPtr, LONGLONG_DATA, nCols);
data/tcl-fitstcl-2.4/fitsIO.c:1823:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(result, PTRFORMAT " %d %I64d", dblData, 4, nCol*nRow);
data/tcl-fitstcl-2.4/fitsIO.c:1825:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(result, PTRFORMAT " %d %lld", dblData, 4, nCol*nRow);
data/tcl-fitstcl-2.4/fitsIO.c:1875:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(result, PTRFORMAT " %d %I64d", longlongData, 4, nCol*nRow);
data/tcl-fitstcl-2.4/fitsIO.c:1877:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(result, PTRFORMAT " %d %lld", longlongData, 4, nCol*nRow);
data/tcl-fitstcl-2.4/fitsIO.c:1931:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(result, PTRFORMAT " %d %I64d", floatData, 3, nCol*nRow);
data/tcl-fitstcl-2.4/fitsIO.c:1933:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(result, PTRFORMAT " %d %lld", floatData, 3, nCol*nRow);
data/tcl-fitstcl-2.4/fitsIO.c:1983:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(result, PTRFORMAT " %d %I64d", intData, 2, nCol*nRow);
data/tcl-fitstcl-2.4/fitsIO.c:1985:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(result, PTRFORMAT " %d %lld", intData, 2, nCol*nRow);
data/tcl-fitstcl-2.4/fitsIO.c:2035:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(result, PTRFORMAT " %d %I64d", shortData, 1, nCol*nRow);
data/tcl-fitstcl-2.4/fitsIO.c:2037:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(result, PTRFORMAT " %d %lld", shortData, 1, nCol*nRow);
data/tcl-fitstcl-2.4/fitsIO.c:2087:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(result, PTRFORMAT " %d %I64d", byteData, 0, nCol*nRow);
data/tcl-fitstcl-2.4/fitsIO.c:2089:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(result, PTRFORMAT " %d %lld", byteData, 0, nCol*nRow);
data/tcl-fitstcl-2.4/fitsIO.c:2449:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(result, PTRFORMAT, backPtr);
data/tcl-fitstcl-2.4/fitsIO.c:2577:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(result, PTRFORMAT " %d %ld", backPtr, retnType, dataSize);
data/tcl-fitstcl-2.4/fitsIO.c:2803:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(result, PTRFORMAT " %d %ld", backPtr, dataType, numRows);
data/tcl-fitstcl-2.4/fitsIO.c:3035:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(result, PTRFORMAT " %d %ld", backPtr, dataType, numRows);
data/tcl-fitstcl-2.4/fitsIO.c:3101:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(colFormat, curFile->CHDUInfo.table.colFormat[colNums[k]-1]);
data/tcl-fitstcl-2.4/fitsIO.c:3140:9: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(cValue[1], colFormat, cValue[0]);
data/tcl-fitstcl-2.4/fitsIO.c:3207:9: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(tmpStr,colFormat,xValue[0]);
data/tcl-fitstcl-2.4/fitsIO.c:3244:9: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(tmpStr,colFormat,longValue[0]);
data/tcl-fitstcl-2.4/fitsIO.c:3281:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(tmpStr,colFormat,tmpInt);
data/tcl-fitstcl-2.4/fitsIO.c:3284:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(tmpStr,colFormat,tmpStr);
data/tcl-fitstcl-2.4/fitsIO.c:3286:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(tmpStr,colFormat,dblValue[0]);
data/tcl-fitstcl-2.4/fitsIO.c:3340:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cplxFormat,"%s, %s",colFormat,colFormat);
data/tcl-fitstcl-2.4/fitsIO.c:3364:9: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(tmpStr,cplxFormat,dblComplex[0],dblComplex[1]);
data/tcl-fitstcl-2.4/fitsIO.c:3839:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(card, inCard);
data/tcl-fitstcl-2.4/fitsIO.c:4007:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(colFormat, curFile->CHDUInfo.table.colFormat[baseColNum-1]);
data/tcl-fitstcl-2.4/fitsIO.c:4089:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(outputStr, colFormat, cValue[0]);
data/tcl-fitstcl-2.4/fitsIO.c:4134:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(outputStr,colFormat,xValue[0]);
data/tcl-fitstcl-2.4/fitsIO.c:4158:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(outputStr,colFormat,longValue[0]);
data/tcl-fitstcl-2.4/fitsIO.c:4184:6: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(outputStr,colFormat,tmpInt);
data/tcl-fitstcl-2.4/fitsIO.c:4187:6: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(outputStr,colFormat,outputStr);
data/tcl-fitstcl-2.4/fitsIO.c:4189:6: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(outputStr,colFormat,dblValue[0]);
data/tcl-fitstcl-2.4/fitsIO.c:4211:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(outputStr,colFormat,longlongValue[0]);
data/tcl-fitstcl-2.4/fitsIO.c:4307:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(colFStr[k], curFile->CHDUInfo.table.colFormat[colNums[k]-1]);
data/tcl-fitstcl-2.4/fitsIO.c:4324:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(fPtr,rowFormatStr,outputStr);
data/tcl-fitstcl-2.4/fitsIO.c:4333:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(fPtr,outFStr[k],curFile->CHDUInfo.table.colName[colNums[k]-1]);
data/tcl-fitstcl-2.4/fitsIO.c:4339:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(fPtr,rowFormatStr,outputStr);
data/tcl-fitstcl-2.4/fitsIO.c:4348:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(fPtr,outFStr[k],curFile->CHDUInfo.table.colType[colNums[k]-1]);
data/tcl-fitstcl-2.4/fitsIO.c:4354:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(fPtr,rowFormatStr,outputStr);
data/tcl-fitstcl-2.4/fitsIO.c:4363:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(fPtr,outFStr[k],curFile->CHDUInfo.table.colUnit[colNums[k]-1]);
data/tcl-fitstcl-2.4/fitsIO.c:4385:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(fPtr,outFStr[k],curFile->CHDUInfo.table.colName[colNums[k]-1]);
data/tcl-fitstcl-2.4/fitsIO.c:4396:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(fPtr,outFStr[k],curFile->CHDUInfo.table.colType[colNums[k]-1]);
data/tcl-fitstcl-2.4/fitsIO.c:4407:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(fPtr,outFStr[k],curFile->CHDUInfo.table.colUnit[colNums[k]-1]);
data/tcl-fitstcl-2.4/fitsIO.c:4430:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(fPtr, rowFormatStr, outputStr);
data/tcl-fitstcl-2.4/fitsIO.c:4475:11: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(outputStr,colFStr[j],cValue[0]);
data/tcl-fitstcl-2.4/fitsIO.c:4496:12: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(outputStr,colFStr[j],"U");
data/tcl-fitstcl-2.4/fitsIO.c:4499:6: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(outputStr,colFStr[j],"T");
data/tcl-fitstcl-2.4/fitsIO.c:4501:6: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(outputStr,colFStr[j],"F");
data/tcl-fitstcl-2.4/fitsIO.c:4523:11: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(outputStr,colFStr[j],binValue[0]);
data/tcl-fitstcl-2.4/fitsIO.c:4544:12: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(outputStr,colFStr[j],binValue[0]);
data/tcl-fitstcl-2.4/fitsIO.c:4565:12: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(outputStr,colFStr[j],shtValue[0]);
data/tcl-fitstcl-2.4/fitsIO.c:4586:12: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(outputStr,colFStr[j],intValue[0]);
data/tcl-fitstcl-2.4/fitsIO.c:4607:12: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(outputStr,colFStr[j],longValue[0]);
data/tcl-fitstcl-2.4/fitsIO.c:4628:12: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(outputStr,colFStr[j],fValue[0]);
data/tcl-fitstcl-2.4/fitsIO.c:4652:8: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(outputStr,colFStr[j],tmpInt);
data/tcl-fitstcl-2.4/fitsIO.c:4654:8: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(outputStr,colFStr[j],dblValue[0]);
data/tcl-fitstcl-2.4/fitsIO.c:4740:6: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(fPtr, outFStr[j], outputStr);
data/tcl-fitstcl-2.4/fitsIO.c:5876:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(keyword, "%s%d%c", Keys[isImage][cRefVal],axisNum[row], dest);
data/tcl-fitstcl-2.4/fitsIO.c:5880:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(keyword, "%s%d%c", Keys[isImage][cRefPix], axisNum[row], dest);
data/tcl-fitstcl-2.4/fitsIO.c:5884:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(keyword, "%s%d%c", Keys[isImage][cType], axisNum[row], dest);
data/tcl-fitstcl-2.4/fitsIO.c:5908:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(keyword,"%s%d_%d%c", Keys[isImage][cMatrix],
data/tcl-fitstcl-2.4/fitsIO.c:5921:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(keyword,"%s%d%c", Keys[isImage][cRota], axisNum[1], dest);
data/tcl-fitstcl-2.4/fitsIO.c:5927:16: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(keyword,"%s%d%c", Keys[isImage][cRota], axisNum[0], dest);
data/tcl-fitstcl-2.4/fitsIO.c:5937:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(keyword, "%s%d%c", Keys[isImage][cDelta], axisNum[col], dest);
data/tcl-fitstcl-2.4/fitsIO.c:6057:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(keyword, "%s%d%c", Keys[isImage][cRefVal],axisNum[row], dest);
data/tcl-fitstcl-2.4/fitsIO.c:6061:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(keyword, "%s%d%c", Keys[isImage][cRefPix], axisNum[row], dest);
data/tcl-fitstcl-2.4/fitsIO.c:6065:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(keyword, "%s%d%c", Keys[isImage][cType], axisNum[row], dest);
data/tcl-fitstcl-2.4/fitsIO.c:6089:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(keyword,"%s%d_%d%c", Keys[isImage][cMatrix],
data/tcl-fitstcl-2.4/fitsIO.c:6102:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(keyword,"%s%d%c", Keys[isImage][cRota], axisNum[1], dest);
data/tcl-fitstcl-2.4/fitsIO.c:6108:16: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(keyword,"%s%d%c", Keys[isImage][cRota], axisNum[0], dest);
data/tcl-fitstcl-2.4/fitsIO.c:6118:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(keyword, "%s%d%c", Keys[isImage][cDelta], axisNum[col], dest);
data/tcl-fitstcl-2.4/fitsIO.c:6239:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(keyword, "%s%d%c", Keys[isImage][cRefVal],axisNum[row], dest);
data/tcl-fitstcl-2.4/fitsIO.c:6243:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(keyword, "%s%d%c", Keys[isImage][cRefPix], axisNum[row], dest);
data/tcl-fitstcl-2.4/fitsIO.c:6247:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(keyword, "%s%d%c", Keys[isImage][cType], axisNum[row], dest);
data/tcl-fitstcl-2.4/fitsIO.c:6271:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(keyword,"%s%d_%d%c", Keys[isImage][cMatrix],
data/tcl-fitstcl-2.4/fitsIO.c:6284:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(keyword,"%s%d%c", Keys[isImage][cRota], axisNum[1], dest);
data/tcl-fitstcl-2.4/fitsIO.c:6290:16: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(keyword,"%s%d%c", Keys[isImage][cRota], axisNum[0], dest);
data/tcl-fitstcl-2.4/fitsIO.c:6300:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(keyword, "%s%d%c", Keys[isImage][cDelta], axisNum[col], dest);
data/tcl-fitstcl-2.4/fitsIO.c:6415:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(keyword, "%s%d%c", Keys[isImage][cRefVal], Col1, dest);
data/tcl-fitstcl-2.4/fitsIO.c:6419:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(keyword, "%s%d%c", Keys[isImage][cRefVal], Col2, dest);
data/tcl-fitstcl-2.4/fitsIO.c:6423:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(keyword, "%s%d%c", Keys[isImage][cRefPix], Col1, dest);
data/tcl-fitstcl-2.4/fitsIO.c:6427:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(keyword, "%s%d%c", Keys[isImage][cRefPix], Col2, dest);
data/tcl-fitstcl-2.4/fitsIO.c:6432:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(keyword, "%s%d%c", Keys[isImage][cDelta], Col1, dest);
data/tcl-fitstcl-2.4/fitsIO.c:6436:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(keyword, "%s%d%c", Keys[isImage][cDelta], Col2, dest);
data/tcl-fitstcl-2.4/fitsIO.c:6440:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(keyword, "%s%d%c", Keys[isImage][cRota], Col2, dest);
data/tcl-fitstcl-2.4/fitsIO.c:6446:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(keyword, "%s%d%c", Keys[isImage][cRota], Col1, dest);
data/tcl-fitstcl-2.4/fitsIO.c:6461:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(keyword, "%s%d_%d%c", Keys[isImage][cMatrix], Col1, Col1, dest);
data/tcl-fitstcl-2.4/fitsIO.c:6466:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(keyword, "%s%d_%d%c", Keys[isImage][cMatrix], Col2, Col2, dest);
data/tcl-fitstcl-2.4/fitsIO.c:6471:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(keyword, "%s%d_%d%c", Keys[isImage][cMatrix], Col1, Col2, dest);
data/tcl-fitstcl-2.4/fitsIO.c:6476:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(keyword, "%s%d_%d%c", Keys[isImage][cMatrix], Col2, Col1, dest);
data/tcl-fitstcl-2.4/fitsIO.c:6540:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(keyword, "%s%d%c", Keys[isImage][cType], Col1, dest);
data/tcl-fitstcl-2.4/fitsIO.c:6542:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(keyword, "%s%d%c", Keys[isImage][cType], Col2, dest);
data/tcl-fitstcl-2.4/fitsIO.c:6619:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(keyword, "%s%d%c", Keys[isImage][cRefVal], Col1, dest);
data/tcl-fitstcl-2.4/fitsIO.c:6623:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(keyword, "%s%d%c", Keys[isImage][cRefVal], Col2, dest);
data/tcl-fitstcl-2.4/fitsIO.c:6627:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(keyword, "%s%d%c", Keys[isImage][cRefPix], Col1, dest);
data/tcl-fitstcl-2.4/fitsIO.c:6631:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(keyword, "%s%d%c", Keys[isImage][cRefPix], Col2, dest);
data/tcl-fitstcl-2.4/fitsIO.c:6636:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(keyword, "%s%d%c", Keys[isImage][cDelta], Col1, dest);
data/tcl-fitstcl-2.4/fitsIO.c:6640:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(keyword, "%s%d%c", Keys[isImage][cDelta], Col2, dest);
data/tcl-fitstcl-2.4/fitsIO.c:6644:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(keyword, "%s%d%c", Keys[isImage][cRota], Col2, dest);
data/tcl-fitstcl-2.4/fitsIO.c:6650:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(keyword, "%s%d%c", Keys[isImage][cRota], Col1, dest);
data/tcl-fitstcl-2.4/fitsIO.c:6665:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(keyword, "%s%d_%d%c", Keys[isImage][cMatrix], Col1, Col1, dest);
data/tcl-fitstcl-2.4/fitsIO.c:6670:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(keyword, "%s%d_%d%c", Keys[isImage][cMatrix], Col2, Col2, dest);
data/tcl-fitstcl-2.4/fitsIO.c:6675:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(keyword, "%s%d_%d%c", Keys[isImage][cMatrix], Col1, Col2, dest);
data/tcl-fitstcl-2.4/fitsIO.c:6680:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(keyword, "%s%d_%d%c", Keys[isImage][cMatrix], Col2, Col1, dest);
data/tcl-fitstcl-2.4/fitsIO.c:6744:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(keyword, "%s%d%c", Keys[isImage][cType], Col1, dest);
data/tcl-fitstcl-2.4/fitsIO.c:6746:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(keyword, "%s%d%c", Keys[isImage][cType], Col2, dest);
data/tcl-fitstcl-2.4/fitsIO.c:6881:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(columndata[i].strData, cPtr);
data/tcl-fitstcl-2.4/fitsIO.c:7727:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(negExpr,"DEFNULL(!(%s),T)",expr);
data/tcl-fitstcl-2.4/fitsIO.c:7913:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf( result, PTRFORMAT " %d %ld",
data/tcl-fitstcl-2.4/fitsTcl.c:152:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s %5.3f", FITSTCL_VERSION, cfitsioVersion);
data/tcl-fitstcl-2.4/fitsTcl.c:329:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newFile->fileName, filename);
data/tcl-fitstcl-2.4/fitsTcl.c:338:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newFile->handleName,objName);
data/tcl-fitstcl-2.4/fitsTcl.c:411:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(result, "Error closing Fits file %s\n", curFile->fileName);
data/tcl-fitstcl-2.4/fitsTcl.c:609:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(ptrStr, PTRFORMAT, dataPtr);
data/tcl-fitstcl-2.4/fitsTcl.c:919:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(strBuff,PTRFORMAT, ptr2.Dbl);
data/tcl-fitstcl-2.4/fitsTcl.c:987:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(gParse.expr,expr);
data/tcl-fitstcl-2.4/fitsUtils.c:225:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rangeCpy,rangeStr);
data/tcl-fitstcl-2.4/fitsUtils.c:263:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errMsg,"Error converting token %s in element %s",
data/tcl-fitstcl-2.4/fitsUtils.c:282:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errMsg,"Error converting token %s in element %s",
data/tcl-fitstcl-2.4/fitsUtils.c:298:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errMsg,"Error converting token %s in element %s",
data/tcl-fitstcl-2.4/fitsUtils.c:307:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errMsg,"Range out of order in element %s",tokstore);
data/tcl-fitstcl-2.4/fitsUtils.c:586:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( colArray[i], tmpstr );
data/tcl-fitstcl-2.4/fitsUtils.c:660:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( *outStr, inStr);
data/tcl-fitstcl-2.4/fitsUtils.c:684:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp, curFile->CHDUInfo.table.colDisp[colnum]);
data/tcl-fitstcl-2.4/fitsUtils.c:687:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp, curFile->CHDUInfo.table.colType[colnum]);
data/tcl-fitstcl-2.4/fitsUtils.c:706:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(rtFormat,"%%s");
data/tcl-fitstcl-2.4/fitsUtils.c:719:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(rtFormat,"%%s");
data/tcl-fitstcl-2.4/fitsUtils.c:751:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(rtFormat,"%%%su", tokenPtr);
data/tcl-fitstcl-2.4/fitsUtils.c:777:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(rtFormat,"%%%sd", tokenPtr);
data/tcl-fitstcl-2.4/fitsUtils.c:803:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(rtFormat,"%%%sd", tokenPtr);
data/tcl-fitstcl-2.4/fitsUtils.c:836:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(rtFormat,"%%%sE", tokenPtr);
data/tcl-fitstcl-2.4/fitsUtils.c:860:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(rtFormat,"%%%sf", tokenPtr);
data/tcl-fitstcl-2.4/fitsUtils.c:882:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(rtFormat,"%%%sf", tokenPtr);
data/tcl-fitstcl-2.4/fitsUtils.c:905:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(rtFormat,"%%%sG", tokenPtr);
data/tcl-fitstcl-2.4/fitsUtils.c:943:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(rtFormat,"%%%so", tokenPtr);
data/tcl-fitstcl-2.4/fitsUtils.c:962:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(rtFormat,"%%%sx", tokenPtr);
data/tcl-fitstcl-2.4/fitsUtils.c:1029:14: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(curFile->CHDUInfo.table.colFormat[colnum], rtFormat);
data/tcl-fitstcl-2.4/fitsUtils.c:1038:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(curFile->CHDUInfo.table.colFormat[colnum], rtFormat);
data/tcl-fitstcl-2.4/fitsUtils.c:1069:18: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(checkStr, a[i].strData);
data/tcl-fitstcl-2.4/fitsUtils.c:1075:21: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(checkStr, a[i].strData);
data/tcl-fitstcl-2.4/fitsUtils.c:1680:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if( sscanf( str, PTRFORMAT, &ptr) == EOF )
data/tcl-fitstcl-2.4/fitsUtils.c:1385:20: [3] (random) drand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
i1 = (long) (drand48()*numRows);
data/tcl-fitstcl-2.4/fitsUtils.c:1386:20: [3] (random) drand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
i2 = (long) (drand48()*numRows);
data/tcl-fitstcl-2.4/eval_defs.h:25:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAXVARNAME+1];
data/tcl-fitstcl-2.4/eval_defs.h:43:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[256];
data/tcl-fitstcl-2.4/eval_tab.h:6:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[256]; /* string value */
data/tcl-fitstcl-2.4/fitsCmds.c:318:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[32];
data/tcl-fitstcl-2.4/fitsCmds.c:319:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpStr[3][FLEN_VALUE]; /* Some general purpose string buffers */
data/tcl-fitstcl-2.4/fitsCmds.c:320:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *mrgList[9], *pattern, *tmpStrPtr;
data/tcl-fitstcl-2.4/fitsCmds.c:321:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errMsg[256], **colList;
data/tcl-fitstcl-2.4/fitsCmds.c:342:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(result,"%d",curFile->chdu);
data/tcl-fitstcl-2.4/fitsCmds.c:358:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(result,"%d", bitpix);
data/tcl-fitstcl-2.4/fitsCmds.c:363:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(result,"%lld",curFile->fptr->Fptr->filesize/2880);
data/tcl-fitstcl-2.4/fitsCmds.c:396:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(result, "%d", nhdu);
data/tcl-fitstcl-2.4/fitsCmds.c:401:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(result, "%-d", curFile->numKwds);
data/tcl-fitstcl-2.4/fitsCmds.c:411:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(result, "%d", curFile->CHDUInfo.table.numCols);
data/tcl-fitstcl-2.4/fitsCmds.c:421:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(result,"%lld",curFile->CHDUInfo.table.numRows);
data/tcl-fitstcl-2.4/fitsCmds.c:559:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmpStr[0], "%d",
data/tcl-fitstcl-2.4/fitsCmds.c:562:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmpStr[1], "%d",
data/tcl-fitstcl-2.4/fitsCmds.c:565:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmpStr[2], "%d",
data/tcl-fitstcl-2.4/fitsCmds.c:606:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmpStr[0], "%d",
data/tcl-fitstcl-2.4/fitsCmds.c:609:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmpStr[1], "%d",
data/tcl-fitstcl-2.4/fitsCmds.c:612:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmpStr[2], "%d",
data/tcl-fitstcl-2.4/fitsCmds.c:668:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmpStr[0], "%lld", curFile->CHDUInfo.image.naxisn[i]);
data/tcl-fitstcl-2.4/fitsCmds.c:716:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Comment[FLEN_COMMENT], Name[FLEN_KEYWORD], Value[FLEN_VALUE];
data/tcl-fitstcl-2.4/fitsCmds.c:724:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errMsg[256];
data/tcl-fitstcl-2.4/fitsCmds.c:1065:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outfile[FLEN_FILENAME];
data/tcl-fitstcl-2.4/fitsCmds.c:1066:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dest[8];
data/tcl-fitstcl-2.4/fitsCmds.c:1078:10: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(outfile, "mem://_1");
data/tcl-fitstcl-2.4/fitsCmds.c:1096:16: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rownum = atol(argv[4]);
data/tcl-fitstcl-2.4/fitsCmds.c:1260:11: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
fElem = atol( argv[3] );
data/tcl-fitstcl-2.4/fitsCmds.c:1262:14: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nElem = atol( argv[4] );
data/tcl-fitstcl-2.4/fitsCmds.c:1299:11: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
slice = atol(argv[8]);
data/tcl-fitstcl-2.4/fitsCmds.c:1302:12: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cslice = atol(argv[9]);
data/tcl-fitstcl-2.4/fitsCmds.c:1497:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
felem = atoi(argv[idx++]);
data/tcl-fitstcl-2.4/fitsCmds.c:1597:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errMsg[256], *argStr, *cmd, **args;
data/tcl-fitstcl-2.4/fitsCmds.c:1800:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char const *newArg[7];
data/tcl-fitstcl-2.4/fitsCmds.c:1824:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char const *newArg[5];
data/tcl-fitstcl-2.4/fitsCmds.c:2250:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char card[81];
data/tcl-fitstcl-2.4/fitsCmds.c:2286:11: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
slice = atol(argv[5]);
data/tcl-fitstcl-2.4/fitsCmds.c:2290:9: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atol(argv[3]), /* first row */
data/tcl-fitstcl-2.4/fitsCmds.c:2291:9: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atol(argv[4]), /* last row*/
data/tcl-fitstcl-2.4/fitsCmds.c:2318:11: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
slice = atol(argv[5]);
data/tcl-fitstcl-2.4/fitsCmds.c:2321:39: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if( imageColsMeanToPtr(curFile, atol(argv[3]),
data/tcl-fitstcl-2.4/fitsCmds.c:2322:9: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atol(argv[4]), slice) != TCL_OK ) {
data/tcl-fitstcl-2.4/fitsCmds.c:2436:11: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
slice = atol(argv[3]);
data/tcl-fitstcl-2.4/fitsCmds.c:2452:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rotate = atoi(argv[4]);
data/tcl-fitstcl-2.4/fitsCmds.c:2618:16: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rowNum = atol(argv[4]);
data/tcl-fitstcl-2.4/fitsCmds.c:2619:16: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nelem = atol(argv[5]);
data/tcl-fitstcl-2.4/fitsCmds.c:2625:11: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
felem = atol(argv[7]);
data/tcl-fitstcl-2.4/fitsCmds.c:2662:11: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
felem = atol(argv[5]);
data/tcl-fitstcl-2.4/fitsCmds.c:2979:11: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
slice = atol(argv[13]);
data/tcl-fitstcl-2.4/fitsCmds.c:3031:23: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ifVariableVec = atol(argv[13]);
data/tcl-fitstcl-2.4/fitsCmds.c:3198:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[16];
data/tcl-fitstcl-2.4/fitsCmds.c:3201:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errMsg[256];
data/tcl-fitstcl-2.4/fitsCmds.c:3263:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(result,"%d",isNew);
data/tcl-fitstcl-2.4/fitsCmds.c:3339:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errMsg[256];
data/tcl-fitstcl-2.4/fitsCmds.c:3347:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char colname[4][FLEN_VALUE];
data/tcl-fitstcl-2.4/fitsCmds.c:3351:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char minname[4][FLEN_VALUE];
data/tcl-fitstcl-2.4/fitsCmds.c:3352:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char maxname[4][FLEN_VALUE];
data/tcl-fitstcl-2.4/fitsCmds.c:3353:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char binname[4][FLEN_VALUE];
data/tcl-fitstcl-2.4/fitsCmds.c:3355:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wtcol[FLEN_VALUE];
data/tcl-fitstcl-2.4/fitsCmds.c:3749:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outfile[FLEN_FILENAME];
data/tcl-fitstcl-2.4/fitsCmds.c:3766:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strtemp[FLEN_FILENAME];
data/tcl-fitstcl-2.4/fitsCmds.c:3945:8: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(strtemp,"Error opening output file: ");
data/tcl-fitstcl-2.4/fitsCmds.c:3963:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(strtemp,"Smoothed output of the image file: ");
data/tcl-fitstcl-2.4/fitsIO.c:85:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpStr[80];
data/tcl-fitstcl-2.4/fitsIO.c:86:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpKey[FLEN_KEYWORD];
data/tcl-fitstcl-2.4/fitsIO.c:89:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char testChar[1024];
data/tcl-fitstcl-2.4/fitsIO.c:90:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char numChar[1024];
data/tcl-fitstcl-2.4/fitsIO.c:107:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(curFile->extname ,"Image");
data/tcl-fitstcl-2.4/fitsIO.c:143:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmpStr, "Unrecognized Extension type: %d", curFile->hduType);
data/tcl-fitstcl-2.4/fitsIO.c:192:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmpKey,"TZERO%d",i+1);
data/tcl-fitstcl-2.4/fitsIO.c:203:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmpKey,"TSCAL%d",i+1);
data/tcl-fitstcl-2.4/fitsIO.c:214:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmpKey,"TDISP%d",i+1);
data/tcl-fitstcl-2.4/fitsIO.c:223:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmpKey,"TNULL%d",i+1);
data/tcl-fitstcl-2.4/fitsIO.c:226:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(curFile->CHDUInfo.table.colNull[i], "NULL");
data/tcl-fitstcl-2.4/fitsIO.c:492:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errMsg[80];
data/tcl-fitstcl-2.4/fitsIO.c:522:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errMsg,"Too many columns in Fits file, MAX is %d",
data/tcl-fitstcl-2.4/fitsIO.c:585:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Comment[FLEN_COMMENT], Name[FLEN_KEYWORD], Value[FLEN_VALUE];
data/tcl-fitstcl-2.4/fitsIO.c:740:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char record[FLEN_CARD];
data/tcl-fitstcl-2.4/fitsIO.c:748:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(record,"Error dumping header: card #%d\n",i);
data/tcl-fitstcl-2.4/fitsIO.c:780:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[FLEN_KEYWORD];
data/tcl-fitstcl-2.4/fitsIO.c:781:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char val[FLEN_VALUE];
data/tcl-fitstcl-2.4/fitsIO.c:782:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char com[FLEN_COMMENT];
data/tcl-fitstcl-2.4/fitsIO.c:800:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key,"Error dumping header: card #%d\n",i);
data/tcl-fitstcl-2.4/fitsIO.c:835:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[FLEN_KEYWORD];
data/tcl-fitstcl-2.4/fitsIO.c:836:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char val[FLEN_VALUE];
data/tcl-fitstcl-2.4/fitsIO.c:847:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(val,"Error dumping header: card #%d\n",i);
data/tcl-fitstcl-2.4/fitsIO.c:882:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char record[FLEN_CARD+1];
data/tcl-fitstcl-2.4/fitsIO.c:893:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(record,"Error dumping header: card #%d\n",i);
data/tcl-fitstcl-2.4/fitsIO.c:1186:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errMsg[80];
data/tcl-fitstcl-2.4/fitsIO.c:1187:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errMsg,"Unknown HDU Type: %d\n",curFile->hduType);
data/tcl-fitstcl-2.4/fitsIO.c:1221:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[80];
data/tcl-fitstcl-2.4/fitsIO.c:1385:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[80];
data/tcl-fitstcl-2.4/fitsIO.c:1528:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *nullArray, tmpStr[80];
data/tcl-fitstcl-2.4/fitsIO.c:1591:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmpStr, "%I64d", ((LONGLONG *)imgData)[i]);
data/tcl-fitstcl-2.4/fitsIO.c:1593:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmpStr, "%lld", ((LONGLONG *)imgData)[i]);
data/tcl-fitstcl-2.4/fitsIO.c:1669:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpStr[80];
data/tcl-fitstcl-2.4/fitsIO.c:1670:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char varIndex[80];
data/tcl-fitstcl-2.4/fitsIO.c:1677:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[80];
data/tcl-fitstcl-2.4/fitsIO.c:1700:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(result,"Image exceeds %d dimensions", FITS_MAXDIMS);
data/tcl-fitstcl-2.4/fitsIO.c:1833:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(varIndex,"%I64d,%I64d", fCol+i-1, fRow+j-1);
data/tcl-fitstcl-2.4/fitsIO.c:1835:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(varIndex,"%lld,%lld", fCol+i-1, fRow+j-1);
data/tcl-fitstcl-2.4/fitsIO.c:1885:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(varIndex,"%I64d,%I64d", fCol+i-1, fRow+j-1);
data/tcl-fitstcl-2.4/fitsIO.c:1887:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(varIndex,"%lld,%lld", fCol+i-1, fRow+j-1);
data/tcl-fitstcl-2.4/fitsIO.c:1893:19: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmpStr, "%I64d", longlongData[tmpIndex]);
data/tcl-fitstcl-2.4/fitsIO.c:1895:19: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmpStr, "%lld", longlongData[tmpIndex]);
data/tcl-fitstcl-2.4/fitsIO.c:1941:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(varIndex,"%I64d,%I64d", fCol+i-1, fRow+j-1);
data/tcl-fitstcl-2.4/fitsIO.c:1943:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(varIndex,"%lld,%lld", fCol+i-1, fRow+j-1);
data/tcl-fitstcl-2.4/fitsIO.c:1993:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(varIndex,"%I64d,%I64d", fCol+i-1, fRow+j-1);
data/tcl-fitstcl-2.4/fitsIO.c:1995:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(varIndex,"%lld,%lld", fCol+i-1, fRow+j-1);
data/tcl-fitstcl-2.4/fitsIO.c:2045:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(varIndex,"%I64d,%I64d", fCol+i-1, fRow+j-1);
data/tcl-fitstcl-2.4/fitsIO.c:2047:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(varIndex,"%lld,%lld", fCol+i-1, fRow+j-1);
data/tcl-fitstcl-2.4/fitsIO.c:2097:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(varIndex,"%I64d,%I64d", fCol+i-1, fRow+j-1);
data/tcl-fitstcl-2.4/fitsIO.c:2099:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(varIndex,"%lld,%lld", fCol+i-1, fRow+j-1);
data/tcl-fitstcl-2.4/fitsIO.c:2148:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[80];
data/tcl-fitstcl-2.4/fitsIO.c:2471:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[80];
data/tcl-fitstcl-2.4/fitsIO.c:2497:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bytNul = atoi(nulStr);
data/tcl-fitstcl-2.4/fitsIO.c:2507:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
shtNul = atoi(nulStr);
data/tcl-fitstcl-2.4/fitsIO.c:2518:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
intNul = atoi(nulStr);
data/tcl-fitstcl-2.4/fitsIO.c:2612:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[80];
data/tcl-fitstcl-2.4/fitsIO.c:2632:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bytNul = atoi(nulStr);
data/tcl-fitstcl-2.4/fitsIO.c:2660:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
shtNul = atoi(nulStr);
data/tcl-fitstcl-2.4/fitsIO.c:2688:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
intNul = atoi(nulStr);
data/tcl-fitstcl-2.4/fitsIO.c:2840:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[80];
data/tcl-fitstcl-2.4/fitsIO.c:2860:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bytNul = atoi(nulStr);
data/tcl-fitstcl-2.4/fitsIO.c:2888:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
shtNul = atoi(nulStr);
data/tcl-fitstcl-2.4/fitsIO.c:2919:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
intNul = atoi(nulStr);
data/tcl-fitstcl-2.4/fitsIO.c:3065:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char xValue[1];
data/tcl-fitstcl-2.4/fitsIO.c:3067:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nullArray[1];
data/tcl-fitstcl-2.4/fitsIO.c:3069:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lValue[1];
data/tcl-fitstcl-2.4/fitsIO.c:3070:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char colFormat[80];
data/tcl-fitstcl-2.4/fitsIO.c:3071:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cplxFormat[80];
data/tcl-fitstcl-2.4/fitsIO.c:3072:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpStr[80];
data/tcl-fitstcl-2.4/fitsIO.c:3074:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char varIndex[80];
data/tcl-fitstcl-2.4/fitsIO.c:3077:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errMsg[160];
data/tcl-fitstcl-2.4/fitsIO.c:3110:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(varIndex,"%d,%d", fCol-1+k, m-1);
data/tcl-fitstcl-2.4/fitsIO.c:3149:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(varIndex,"%d,%d", fCol-1+k, m-1);
data/tcl-fitstcl-2.4/fitsIO.c:3153:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
ckfree( (char *) cValue[0]);
data/tcl-fitstcl-2.4/fitsIO.c:3187:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(varIndex,"%d,%d", fCol-1+k, m-1);
data/tcl-fitstcl-2.4/fitsIO.c:3216:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(varIndex,"%d,%d", fCol-1+k, m-1);
data/tcl-fitstcl-2.4/fitsIO.c:3253:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(varIndex,"%d,%d", fCol-1+k, m-1);
data/tcl-fitstcl-2.4/fitsIO.c:3279:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmpStr, "%.0f", dblValue[0]);
data/tcl-fitstcl-2.4/fitsIO.c:3280:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tmpInt = atoi(tmpStr);
data/tcl-fitstcl-2.4/fitsIO.c:3283:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmpStr, "%f", dblValue[0]);
data/tcl-fitstcl-2.4/fitsIO.c:3296:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(varIndex,"%d,%d", fCol-1+k, m-1);
data/tcl-fitstcl-2.4/fitsIO.c:3321:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmpStr, "%I64d", longlongValue[0]);
data/tcl-fitstcl-2.4/fitsIO.c:3323:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmpStr, "%lld", longlongValue[0]);
data/tcl-fitstcl-2.4/fitsIO.c:3331:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(varIndex,"%d,%d", fCol-1+k, m-1);
data/tcl-fitstcl-2.4/fitsIO.c:3375:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(varIndex,"%d,%d", fCol-1+k, m-1);
data/tcl-fitstcl-2.4/fitsIO.c:3382:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errMsg,"Unrecognized colType: %d for column %d",
data/tcl-fitstcl-2.4/fitsIO.c:3591:17: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
naxes[i] = atol(cDims[i]);
data/tcl-fitstcl-2.4/fitsIO.c:3735:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char card[FLEN_CARD],orig[FLEN_CARD];
data/tcl-fitstcl-2.4/fitsIO.c:3736:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char keyName[FLEN_KEYWORD];
data/tcl-fitstcl-2.4/fitsIO.c:3737:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char keyword[FLEN_KEYWORD];
data/tcl-fitstcl-2.4/fitsIO.c:3738:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char val[FLEN_VALUE];
data/tcl-fitstcl-2.4/fitsIO.c:3739:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comm[FLEN_COMMENT];
data/tcl-fitstcl-2.4/fitsIO.c:3814:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char card[FLEN_CARD];
data/tcl-fitstcl-2.4/fitsIO.c:3815:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char keyword[FLEN_KEYWORD];
data/tcl-fitstcl-2.4/fitsIO.c:3816:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char val[FLEN_VALUE];
data/tcl-fitstcl-2.4/fitsIO.c:3817:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comm[FLEN_COMMENT];
data/tcl-fitstcl-2.4/fitsIO.c:3951:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[80];
data/tcl-fitstcl-2.4/fitsIO.c:3959:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(result, "%d", newHduType);
data/tcl-fitstcl-2.4/fitsIO.c:3982:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char colFormat[80];
data/tcl-fitstcl-2.4/fitsIO.c:3983:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outputStr[80];
data/tcl-fitstcl-2.4/fitsIO.c:3988:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sepString,"\",\"");
data/tcl-fitstcl-2.4/fitsIO.c:3992:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( ( fPtr = fopen(filename, "w")) == NULL ) {
data/tcl-fitstcl-2.4/fitsIO.c:3999:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( ( fPtr = fopen(filename, "a")) == NULL ) {
data/tcl-fitstcl-2.4/fitsIO.c:4014:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outputStr, "%lld", m);
data/tcl-fitstcl-2.4/fitsIO.c:4054:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char xValue[1];
data/tcl-fitstcl-2.4/fitsIO.c:4055:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nullArray[1];
data/tcl-fitstcl-2.4/fitsIO.c:4057:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lValue[1];
data/tcl-fitstcl-2.4/fitsIO.c:4058:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outputStr[80];
data/tcl-fitstcl-2.4/fitsIO.c:4061:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errMsg[160];
data/tcl-fitstcl-2.4/fitsIO.c:4087:11: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(outputStr,"NULL");
data/tcl-fitstcl-2.4/fitsIO.c:4091:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
ckfree( (char *) cValue[0]);
data/tcl-fitstcl-2.4/fitsIO.c:4111:11: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(outputStr,"NULL");
data/tcl-fitstcl-2.4/fitsIO.c:4156:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(outputStr,"NULL");
data/tcl-fitstcl-2.4/fitsIO.c:4179:11: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(outputStr,"NULL");
data/tcl-fitstcl-2.4/fitsIO.c:4182:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outputStr, "%.0f", dblValue[0]);
data/tcl-fitstcl-2.4/fitsIO.c:4183:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tmpInt = atoi(outputStr);
data/tcl-fitstcl-2.4/fitsIO.c:4186:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outputStr, "%f", dblValue[0]);
data/tcl-fitstcl-2.4/fitsIO.c:4209:11: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(outputStr,"NULL");
data/tcl-fitstcl-2.4/fitsIO.c:4217:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errMsg,"ERROR");
data/tcl-fitstcl-2.4/fitsIO.c:4262:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rowFormatStr[10];
data/tcl-fitstcl-2.4/fitsIO.c:4275:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nullArray[1];
data/tcl-fitstcl-2.4/fitsIO.c:4277:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char binValue[1];
data/tcl-fitstcl-2.4/fitsIO.c:4278:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lValue[1];
data/tcl-fitstcl-2.4/fitsIO.c:4280:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errMsg[80];
data/tcl-fitstcl-2.4/fitsIO.c:4292:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sepString,"\",\"");
data/tcl-fitstcl-2.4/fitsIO.c:4301:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outFStr[k]," %%%ds", strSize[k]);
data/tcl-fitstcl-2.4/fitsIO.c:4302:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(rowFormatStr," %%%ds", 8);
data/tcl-fitstcl-2.4/fitsIO.c:4304:8: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(outFStr[k],"%s");
data/tcl-fitstcl-2.4/fitsIO.c:4305:8: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(rowFormatStr,"%s");
data/tcl-fitstcl-2.4/fitsIO.c:4314:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( ( fPtr = fopen(filename, "w")) == NULL ) {
data/tcl-fitstcl-2.4/fitsIO.c:4323:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(outputStr,"Row");
data/tcl-fitstcl-2.4/fitsIO.c:4330:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outFStr[k]," %%%ds", strSize[k] * tmpInt - (tmpInt - 1));
data/tcl-fitstcl-2.4/fitsIO.c:4338:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(outputStr," ");
data/tcl-fitstcl-2.4/fitsIO.c:4345:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outFStr[k]," %%%ds", strSize[k] * tmpInt - (tmpInt - 1));
data/tcl-fitstcl-2.4/fitsIO.c:4353:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(outputStr," ");
data/tcl-fitstcl-2.4/fitsIO.c:4360:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outFStr[k]," %%%ds", strSize[k] * tmpInt - (tmpInt - 1));
data/tcl-fitstcl-2.4/fitsIO.c:4370:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( ( fPtr = fopen(filename, "a")) == NULL ) {
data/tcl-fitstcl-2.4/fitsIO.c:4382:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outFStr[k]," %%%ds", strSize[k] * tmpInt - (tmpInt - 1));
data/tcl-fitstcl-2.4/fitsIO.c:4393:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outFStr[k]," %%%ds", strSize[k] * tmpInt - (tmpInt - 1));
data/tcl-fitstcl-2.4/fitsIO.c:4404:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outFStr[k]," %%%ds", strSize[k] * tmpInt - (tmpInt - 1));
data/tcl-fitstcl-2.4/fitsIO.c:4413:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( ( fPtr = fopen(filename, "a")) == NULL ) {
data/tcl-fitstcl-2.4/fitsIO.c:4427:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outputStr, "%d", rowNum);
data/tcl-fitstcl-2.4/fitsIO.c:4477:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
ckfree( (char *) cValue[0]);
data/tcl-fitstcl-2.4/fitsIO.c:4521:12: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(outputStr,"NULL");
data/tcl-fitstcl-2.4/fitsIO.c:4542:12: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(outputStr,"NULL");
data/tcl-fitstcl-2.4/fitsIO.c:4563:12: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(outputStr,"NULL");
data/tcl-fitstcl-2.4/fitsIO.c:4584:12: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(outputStr,"NULL");
data/tcl-fitstcl-2.4/fitsIO.c:4605:12: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(outputStr,"NULL");
data/tcl-fitstcl-2.4/fitsIO.c:4626:12: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(outputStr,"NULL");
data/tcl-fitstcl-2.4/fitsIO.c:4647:12: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(outputStr,"NULL");
data/tcl-fitstcl-2.4/fitsIO.c:4650:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outputStr, "%.0f", dblValue[0]);
data/tcl-fitstcl-2.4/fitsIO.c:4651:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tmpInt = atoi(outputStr);
data/tcl-fitstcl-2.4/fitsIO.c:4674:12: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(outputStr,"NULL");
data/tcl-fitstcl-2.4/fitsIO.c:4677:19: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outputStr,"%I64d",longlongValue[0]);
data/tcl-fitstcl-2.4/fitsIO.c:4679:19: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outputStr,"%lld",longlongValue[0]);
data/tcl-fitstcl-2.4/fitsIO.c:4700:12: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(outputStr,"NULL, NULL");
data/tcl-fitstcl-2.4/fitsIO.c:4702:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outputStr,"%.5f, %.5f",fltComplex[0],fltComplex[1]);
data/tcl-fitstcl-2.4/fitsIO.c:4721:12: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(outputStr,"NULL, NULL");
data/tcl-fitstcl-2.4/fitsIO.c:4723:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outputStr,"%.8f, %.8f",dblComplex[0],
data/tcl-fitstcl-2.4/fitsIO.c:4729:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errMsg,"Unrecognized colType: %d for column %d\n",
data/tcl-fitstcl-2.4/fitsIO.c:4732:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
ckfree( (char *) outFStr[0]);
data/tcl-fitstcl-2.4/fitsIO.c:4733:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
ckfree( (char *) colFStr[0]);
data/tcl-fitstcl-2.4/fitsIO.c:4755:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
ckfree( (char *) outFStr[0]);
data/tcl-fitstcl-2.4/fitsIO.c:4757:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
ckfree( (char *) colFStr[0]);
data/tcl-fitstcl-2.4/fitsIO.c:4779:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outFStr[80];
data/tcl-fitstcl-2.4/fitsIO.c:4789:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outputStr[1024];
data/tcl-fitstcl-2.4/fitsIO.c:4794:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[80];
data/tcl-fitstcl-2.4/fitsIO.c:4812:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(result,"Image exceeds %d dimensions", FITS_MAXDIMS);
data/tcl-fitstcl-2.4/fitsIO.c:4876:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( ( fPtr = fopen(filename, "w")) == NULL ) {
data/tcl-fitstcl-2.4/fitsIO.c:4882:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( ( fPtr = fopen(filename, "a")) == NULL ) {
data/tcl-fitstcl-2.4/fitsIO.c:4890:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outFStr, "%%%ds", cellSize);
data/tcl-fitstcl-2.4/fitsIO.c:4896:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sepString,"\",\"");
data/tcl-fitstcl-2.4/fitsIO.c:4935:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outputStr, "%d", rowNum);
data/tcl-fitstcl-2.4/fitsIO.c:4942:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(outputStr, "NULL");
data/tcl-fitstcl-2.4/fitsIO.c:4945:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outputStr,"%g", dblData[tmpIndex]);
data/tcl-fitstcl-2.4/fitsIO.c:4990:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outputStr, "%d", rowNum);
data/tcl-fitstcl-2.4/fitsIO.c:4997:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(outputStr, "NULL");
data/tcl-fitstcl-2.4/fitsIO.c:5000:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outputStr,"%I64d", longlongData[tmpIndex]);
data/tcl-fitstcl-2.4/fitsIO.c:5002:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outputStr,"%lld", longlongData[tmpIndex]);
data/tcl-fitstcl-2.4/fitsIO.c:5046:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outputStr, "%d", rowNum);
data/tcl-fitstcl-2.4/fitsIO.c:5053:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(outputStr, "NULL");
data/tcl-fitstcl-2.4/fitsIO.c:5056:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outputStr,"%g", floatData[tmpIndex]);
data/tcl-fitstcl-2.4/fitsIO.c:5100:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outputStr, "%d", rowNum);
data/tcl-fitstcl-2.4/fitsIO.c:5107:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(outputStr, "NULL");
data/tcl-fitstcl-2.4/fitsIO.c:5109:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outputStr,"%d", intData[tmpIndex]);
data/tcl-fitstcl-2.4/fitsIO.c:5153:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outputStr, "%d", rowNum);
data/tcl-fitstcl-2.4/fitsIO.c:5160:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(outputStr, "NULL");
data/tcl-fitstcl-2.4/fitsIO.c:5162:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outputStr,"%d", shortData[tmpIndex]);
data/tcl-fitstcl-2.4/fitsIO.c:5206:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outputStr, "%d", rowNum);
data/tcl-fitstcl-2.4/fitsIO.c:5213:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(outputStr, "NULL");
data/tcl-fitstcl-2.4/fitsIO.c:5215:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outputStr,"%u", byteData[tmpIndex]);
data/tcl-fitstcl-2.4/fitsIO.c:5852:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char keyword[FLEN_VALUE];
data/tcl-fitstcl-2.4/fitsIO.c:5853:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char axisType[FITS_MAXDIMS][FLEN_VALUE];
data/tcl-fitstcl-2.4/fitsIO.c:5855:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *Keys[2][7] = {
data/tcl-fitstcl-2.4/fitsIO.c:6028:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char keyword[FLEN_VALUE];
data/tcl-fitstcl-2.4/fitsIO.c:6029:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char axisType[FITS_MAXDIMS][FLEN_VALUE];
data/tcl-fitstcl-2.4/fitsIO.c:6032:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *Keys[2][7] = {
data/tcl-fitstcl-2.4/fitsIO.c:6210:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char keyword[FLEN_VALUE];
data/tcl-fitstcl-2.4/fitsIO.c:6211:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char axisType[FITS_MAXDIMS][FLEN_VALUE];
data/tcl-fitstcl-2.4/fitsIO.c:6214:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *Keys[2][7] = {
data/tcl-fitstcl-2.4/fitsIO.c:6393:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctype[FLEN_VALUE], ctemp[FLEN_VALUE];
data/tcl-fitstcl-2.4/fitsIO.c:6394:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char keyword[FLEN_VALUE];
data/tcl-fitstcl-2.4/fitsIO.c:6399:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *Keys[2][7] = {
data/tcl-fitstcl-2.4/fitsIO.c:6546:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ctype,"none"); status = 0;
data/tcl-fitstcl-2.4/fitsIO.c:6597:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctype[FLEN_VALUE], ctemp[FLEN_VALUE];
data/tcl-fitstcl-2.4/fitsIO.c:6598:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char keyword[FLEN_VALUE];
data/tcl-fitstcl-2.4/fitsIO.c:6603:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *Keys[2][7] = {
data/tcl-fitstcl-2.4/fitsIO.c:6750:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ctype,"none"); status = 0;
data/tcl-fitstcl-2.4/fitsIO.c:6791:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctype[5];
data/tcl-fitstcl-2.4/fitsIO.c:6883:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
ckfree((char *) tmpPtr[0]);
data/tcl-fitstcl-2.4/fitsIO.c:7127:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
ckfree((char *) columndata[j].strData);
data/tcl-fitstcl-2.4/fitsIO.c:7147:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(rowlist[i],"%ld",columndata[i].rowindex);
data/tcl-fitstcl-2.4/fitsIO.c:7153:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(rowlist[uniqueNum],"%ld",columndata[i].rowindex);
data/tcl-fitstcl-2.4/fitsIO.c:7303:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpStr[80];
data/tcl-fitstcl-2.4/fitsIO.c:7313:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmpStr, "%16.8g", colstat.min);
data/tcl-fitstcl-2.4/fitsIO.c:7315:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmpStr, "%.10f", colstat.min);
data/tcl-fitstcl-2.4/fitsIO.c:7319:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmpStr, "%ld", colstat.fmin);
data/tcl-fitstcl-2.4/fitsIO.c:7323:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmpStr, "%16.8g", colstat.max);
data/tcl-fitstcl-2.4/fitsIO.c:7325:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmpStr, "%.10f", colstat.max);
data/tcl-fitstcl-2.4/fitsIO.c:7329:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmpStr, "%ld", colstat.fmax);
data/tcl-fitstcl-2.4/fitsIO.c:7333:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmpStr, "%16.8g", colstat.mean);
data/tcl-fitstcl-2.4/fitsIO.c:7335:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmpStr, "%.10f", colstat.mean);
data/tcl-fitstcl-2.4/fitsIO.c:7340:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmpStr, "%16.8g", colstat.stdiv);
data/tcl-fitstcl-2.4/fitsIO.c:7342:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmpStr, "%.10f", colstat.stdiv);
data/tcl-fitstcl-2.4/fitsIO.c:7346:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmpStr, "%ld", colstat.numData);
data/tcl-fitstcl-2.4/fitsIO.c:7359:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpStr[80];
data/tcl-fitstcl-2.4/fitsIO.c:7366:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmpStr, "%.10f", colstat.min);
data/tcl-fitstcl-2.4/fitsIO.c:7369:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmpStr, "%.10f", colstat.max);
data/tcl-fitstcl-2.4/fitsIO.c:7533:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cValue[1];
data/tcl-fitstcl-2.4/fitsIO.c:7537:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nullArray[1];
data/tcl-fitstcl-2.4/fitsIO.c:7774:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[80];
data/tcl-fitstcl-2.4/fitsIO.c:7804:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bytNul = atoi(nulStr);
data/tcl-fitstcl-2.4/fitsIO.c:7829:12: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
intNul = atol(nulStr);
data/tcl-fitstcl-2.4/fitsIO.c:7935:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpStr[32];
data/tcl-fitstcl-2.4/fitsIO.c:7956:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( tmpStr, "%d %ld {", dataType, nelem );
data/tcl-fitstcl-2.4/fitsIO.c:7959:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( tmpStr, " %ld ", naxes[i] );
data/tcl-fitstcl-2.4/fitsTcl.c:149:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[32];
data/tcl-fitstcl-2.4/fitsTcl.c:223:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *objName,tmpStr[16], *filename;
data/tcl-fitstcl-2.4/fitsTcl.c:263:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmpStr,"fitsObj%d",objCounter++);
data/tcl-fitstcl-2.4/fitsTcl.c:315:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmpStr,"%d", FITS_MAX_OPEN_FILES);
data/tcl-fitstcl-2.4/fitsTcl.c:397:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[256];
data/tcl-fitstcl-2.4/fitsTcl.c:450:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strBuff[16];
data/tcl-fitstcl-2.4/fitsTcl.c:476:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(strBuff,"%-d",FitsOpenFiles[i].rwmode);
data/tcl-fitstcl-2.4/fitsTcl.c:478:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(strBuff,"%-d",FitsOpenFiles[i].chdu);
data/tcl-fitstcl-2.4/fitsTcl.c:480:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(strBuff,"%-d",FitsOpenFiles[i].hduType);
data/tcl-fitstcl-2.4/fitsTcl.c:573:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ptrStr[16];
data/tcl-fitstcl-2.4/fitsTcl.c:629:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *rangeStr, errMsg[256], *opt;
data/tcl-fitstcl-2.4/fitsTcl.c:719:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *strArg, strBuff[80];
data/tcl-fitstcl-2.4/fitsTcl.c:1105:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(thelval->str, "%I64d", ptrs.llong[0]);
data/tcl-fitstcl-2.4/fitsTcl.c:1107:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(thelval->str, "%lld", ptrs.llong[0]);
data/tcl-fitstcl-2.4/fitsTclInt.h:84:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char blank[80];
data/tcl-fitstcl-2.4/fitsTclInt.h:94:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[FLEN_KEYWORD];
data/tcl-fitstcl-2.4/fitsTclInt.h:95:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[FLEN_VALUE];
data/tcl-fitstcl-2.4/fitsTclInt.h:96:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comment[FLEN_COMMENT];
data/tcl-fitstcl-2.4/fitsTclInt.h:102:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[FLEN_CARD];
data/tcl-fitstcl-2.4/fitsTclInt.h:115:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char extname[FLEN_VALUE];
data/tcl-fitstcl-2.4/fitsUtils.c:72:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[100];
data/tcl-fitstcl-2.4/fitsUtils.c:79:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, ". (CFITSIO error status was %d)\n", status);
data/tcl-fitstcl-2.4/fitsUtils.c:228:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errMsg,"No tokens found");
data/tcl-fitstcl-2.4/fitsUtils.c:250:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errMsg,"Null token in range");
data/tcl-fitstcl-2.4/fitsUtils.c:329:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errMsg,"Too many ranges, maximum is %d",maxInt);
data/tcl-fitstcl-2.4/fitsUtils.c:677:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[80];
data/tcl-fitstcl-2.4/fitsUtils.c:678:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rtFormat[80];
data/tcl-fitstcl-2.4/fitsUtils.c:708:46: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
curFile->CHDUInfo.table.colWidth[colnum] = atoi(tokenPtr);
data/tcl-fitstcl-2.4/fitsUtils.c:720:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ( !isDisp || atoi(TDispKey) != 0 ) {
data/tcl-fitstcl-2.4/fitsUtils.c:727:49: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
curFile->CHDUInfo.table.colWidth[colnum] = atoi(tokenPtr);
data/tcl-fitstcl-2.4/fitsUtils.c:739:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(rtFormat,"%%.8G");
data/tcl-fitstcl-2.4/fitsUtils.c:741:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ( !isDisp || atoi(TDispKey) != 0 ) {
data/tcl-fitstcl-2.4/fitsUtils.c:742:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(rtFormat,"%%u");
data/tcl-fitstcl-2.4/fitsUtils.c:747:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(rtFormat,"%%u");
data/tcl-fitstcl-2.4/fitsUtils.c:750:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
w = atoi(tokenPtr);
data/tcl-fitstcl-2.4/fitsUtils.c:765:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(rtFormat,"%%.8G");
data/tcl-fitstcl-2.4/fitsUtils.c:767:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ( !isDisp || atoi(TDispKey) != 0 ) {
data/tcl-fitstcl-2.4/fitsUtils.c:768:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(rtFormat,"%%d");
data/tcl-fitstcl-2.4/fitsUtils.c:773:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(rtFormat,"%%d");
data/tcl-fitstcl-2.4/fitsUtils.c:776:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
w = atoi (tokenPtr);
data/tcl-fitstcl-2.4/fitsUtils.c:791:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(rtFormat,"%%.8G");
data/tcl-fitstcl-2.4/fitsUtils.c:793:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ( !isDisp || atoi(TDispKey) != 0 ) {
data/tcl-fitstcl-2.4/fitsUtils.c:794:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(rtFormat,"%%d");
data/tcl-fitstcl-2.4/fitsUtils.c:799:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(rtFormat,"%%d");
data/tcl-fitstcl-2.4/fitsUtils.c:802:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
w = atoi (tokenPtr);
data/tcl-fitstcl-2.4/fitsUtils.c:817:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(rtFormat,"%%.8G");
data/tcl-fitstcl-2.4/fitsUtils.c:819:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(rtFormat,"%%ld");
data/tcl-fitstcl-2.4/fitsUtils.c:827:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ( !isDisp || atoi(TDispKey) != 0 ) {
data/tcl-fitstcl-2.4/fitsUtils.c:828:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(rtFormat,"%%#.6E");
data/tcl-fitstcl-2.4/fitsUtils.c:833:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(rtFormat,"%%#.6E");
data/tcl-fitstcl-2.4/fitsUtils.c:837:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
w = atoi(tokenPtr);
data/tcl-fitstcl-2.4/fitsUtils.c:850:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ( !isDisp || atoi(TDispKey) != 0 ) {
data/tcl-fitstcl-2.4/fitsUtils.c:851:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(rtFormat,"%%#.6f");
data/tcl-fitstcl-2.4/fitsUtils.c:856:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(rtFormat,"%%#.6f");
data/tcl-fitstcl-2.4/fitsUtils.c:859:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
w = atoi(tokenPtr);
data/tcl-fitstcl-2.4/fitsUtils.c:873:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ( !isDisp || atoi(TDispKey) != 0 ) {
data/tcl-fitstcl-2.4/fitsUtils.c:874:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(rtFormat,"%%.12E");
data/tcl-fitstcl-2.4/fitsUtils.c:879:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(rtFormat, "%%.12E");
data/tcl-fitstcl-2.4/fitsUtils.c:883:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
w = atoi(tokenPtr);
data/tcl-fitstcl-2.4/fitsUtils.c:896:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ( !isDisp || atoi(TDispKey) != 0 ) {
data/tcl-fitstcl-2.4/fitsUtils.c:897:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(rtFormat,"%%.6G");
data/tcl-fitstcl-2.4/fitsUtils.c:902:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(rtFormat,"%%.6G");
data/tcl-fitstcl-2.4/fitsUtils.c:906:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
w = atoi(tokenPtr);
data/tcl-fitstcl-2.4/fitsUtils.c:919:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(rtFormat,"%%#.6G");
data/tcl-fitstcl-2.4/fitsUtils.c:926:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(rtFormat,"%%#.12G");
data/tcl-fitstcl-2.4/fitsUtils.c:933:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ( !isDisp || atoi(TDispKey) != 0 ) {
data/tcl-fitstcl-2.4/fitsUtils.c:934:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(rtFormat,"%%#o");
data/tcl-fitstcl-2.4/fitsUtils.c:939:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(rtFormat,"%%#o");
data/tcl-fitstcl-2.4/fitsUtils.c:942:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
w = atoi(tokenPtr);
data/tcl-fitstcl-2.4/fitsUtils.c:952:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ( !isDisp || atoi(TDispKey) != 0 ) {
data/tcl-fitstcl-2.4/fitsUtils.c:953:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(rtFormat,"%%#x");
data/tcl-fitstcl-2.4/fitsUtils.c:958:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(rtFormat,"%%#x");
data/tcl-fitstcl-2.4/fitsUtils.c:961:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
w = atoi(tokenPtr);
data/tcl-fitstcl-2.4/fitsUtils.c:971:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ( !isDisp || atoi(TDispKey) != 0 ) {
data/tcl-fitstcl-2.4/fitsUtils.c:972:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(rtFormat,"%%#u");
data/tcl-fitstcl-2.4/fitsUtils.c:977:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(rtFormat,"%%#u");
data/tcl-fitstcl-2.4/fitsUtils.c:980:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(rtFormat,"%%#u");
data/tcl-fitstcl-2.4/fitsUtils.c:981:49: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
curFile->CHDUInfo.table.colWidth[colnum] = atoi(tokenPtr);
data/tcl-fitstcl-2.4/fitsUtils.c:1409:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpStr[126];
data/tcl-fitstcl-2.4/fitsUtils.c:1423:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmpStr, "%I64d", *ptrs.llong);
data/tcl-fitstcl-2.4/fitsUtils.c:1425:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmpStr, "%lld", *ptrs.llong);
data/tcl-fitstcl-2.4/fitsUtils.c:1532:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmpStr, "%f", ptrs.dbl[i]);
data/tcl-fitstcl-2.4/fvTcl.c:26:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char simple[10];
data/tcl-fitstcl-2.4/fvTcl.c:55:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( (fitsPtr = fopen(argv[1], "r")) == NULL ) {
data/tcl-fitstcl-2.4/fvTcl.c:108:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char theMaxStr[40];
data/tcl-fitstcl-2.4/fvTcl.c:162:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char theMinStr[40];
data/tcl-fitstcl-2.4/fvTcl.c:214:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char idxStr[80];
data/tcl-fitstcl-2.4/fvTcl.c:232:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(idxStr, "%d", i);
data/tcl-fitstcl-2.4/fvTcl.c:255:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char idxStr[80];
data/tcl-fitstcl-2.4/fvTcl.c:274:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(idxStr, "%d", i);
data/tcl-fitstcl-2.4/fvTcl.c:298:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char varIndex[80];
data/tcl-fitstcl-2.4/fvTcl.c:300:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stateVar[20];
data/tcl-fitstcl-2.4/fvTcl.c:310:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(stateVar,"_rowState");
data/tcl-fitstcl-2.4/fvTcl.c:312:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(stateVar,"_colNotchedState");
data/tcl-fitstcl-2.4/fvTcl.c:328:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(varIndex, "%d", i);
data/tcl-fitstcl-2.4/fvTcl.c:342:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(varIndex, "%d", i);
data/tcl-fitstcl-2.4/fvTcl.c:356:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(varIndex, "%d", newfirst);
data/tcl-fitstcl-2.4/fvTcl.c:369:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char index[40], valStr[40];
data/tcl-fitstcl-2.4/fvTcl.c:383:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
dc_lmar = atoi(tmpStr);
data/tcl-fitstcl-2.4/fvTcl.c:391:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
dc_width = atoi(tmpStr);
data/tcl-fitstcl-2.4/fvTcl.c:399:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
dc_rightspace = atoi(tmpStr);
data/tcl-fitstcl-2.4/fvTcl.c:407:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
charPix = atoi(tmpStr);
data/tcl-fitstcl-2.4/fvTcl.c:415:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nCols = atoi(tmpStr);
data/tcl-fitstcl-2.4/fvTcl.c:419:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(valStr, "%d", absXPos);
data/tcl-fitstcl-2.4/fvTcl.c:428:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cellPixWidth = charPix*atoi(tmpStr)+8;
data/tcl-fitstcl-2.4/fvTcl.c:430:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(valStr, "%d", cellPixWidth);
data/tcl-fitstcl-2.4/fvTcl.c:434:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(index, "%d", i+1);
data/tcl-fitstcl-2.4/fvTcl.c:435:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(valStr, "%d", absXPos);
data/tcl-fitstcl-2.4/fvTcl.c:451:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char index1[80];
data/tcl-fitstcl-2.4/fvTcl.c:452:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char index2[80];
data/tcl-fitstcl-2.4/fvTcl.c:453:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char index3[80];
data/tcl-fitstcl-2.4/fvTcl.c:510:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(index2, "%d", (firstCol+i-1));
data/tcl-fitstcl-2.4/fvTcl.c:516:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(index3,"%d,%d", (firstCol+i-1), (firstRow+j-1));
data/tcl-fitstcl-2.4/fvTcl.c:526:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(index1, "%d_%d", i, showRows-j-1);
data/tcl-fitstcl-2.4/fvTcl.c:528:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(index1, "%d_%d", i, j);
data/tcl-fitstcl-2.4/fitsCmds.c:3502:10: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( colname[i], opt, j );
data/tcl-fitstcl-2.4/fitsCmds.c:3516:16: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( minname[i], opt, j );
data/tcl-fitstcl-2.4/fitsCmds.c:3532:16: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( maxname[i], opt, j );
data/tcl-fitstcl-2.4/fitsCmds.c:3548:16: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( binname[i], opt, j );
data/tcl-fitstcl-2.4/fitsCmds.c:3834:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(opt);
data/tcl-fitstcl-2.4/fitsIO.c:182:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(curFile->CHDUInfo.image.blank, " ");
data/tcl-fitstcl-2.4/fitsIO.c:217:6: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(curFile->CHDUInfo.table.colDisp[i], " ");
data/tcl-fitstcl-2.4/fitsIO.c:296:19: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(numChar, n, len);
data/tcl-fitstcl-2.4/fitsIO.c:416:22: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(numChar, n, len);
data/tcl-fitstcl-2.4/fitsIO.c:900:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(record, "\n");
data/tcl-fitstcl-2.4/fitsIO.c:3751:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(keyword, inCard, 8);
data/tcl-fitstcl-2.4/fitsIO.c:3754:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(card, inCard, 80);
data/tcl-fitstcl-2.4/fitsIO.c:3831:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(keyword, inCard, 8);
data/tcl-fitstcl-2.4/fitsIO.c:4083:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(outputStr," ");
data/tcl-fitstcl-2.4/fitsIO.c:4107:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(outputStr," ");
data/tcl-fitstcl-2.4/fitsIO.c:4152:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(outputStr," ");
data/tcl-fitstcl-2.4/fitsIO.c:4174:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(outputStr," ");
data/tcl-fitstcl-2.4/fitsIO.c:4205:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(outputStr," ");
data/tcl-fitstcl-2.4/fitsIO.c:4471:12: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(outputStr," ");
data/tcl-fitstcl-2.4/fitsIO.c:4492:12: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(outputStr," ");
data/tcl-fitstcl-2.4/fitsIO.c:4517:12: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(outputStr," ");
data/tcl-fitstcl-2.4/fitsIO.c:4538:12: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(outputStr," ");
data/tcl-fitstcl-2.4/fitsIO.c:4559:12: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(outputStr," ");
data/tcl-fitstcl-2.4/fitsIO.c:4580:12: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(outputStr," ");
data/tcl-fitstcl-2.4/fitsIO.c:4601:12: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(outputStr," ");
data/tcl-fitstcl-2.4/fitsIO.c:4622:12: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(outputStr," ");
data/tcl-fitstcl-2.4/fitsIO.c:4643:12: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(outputStr," ");
data/tcl-fitstcl-2.4/fitsIO.c:4670:12: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(outputStr," ");
data/tcl-fitstcl-2.4/fitsIO.c:4696:12: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(outputStr," ");
data/tcl-fitstcl-2.4/fitsIO.c:4717:12: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(outputStr," ");
data/tcl-fitstcl-2.4/fitsIO.c:5894:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for ( i=0; i< strlen(axisType[row]); i++) {
data/tcl-fitstcl-2.4/fitsIO.c:5985:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for ( i=0; i< strlen(axisType[row]); i++) {
data/tcl-fitstcl-2.4/fitsIO.c:6075:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for ( i=0; i< strlen(axisType[row]); i++) {
data/tcl-fitstcl-2.4/fitsIO.c:6165:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for ( i=0; i< strlen(axisType[row]); i++) {
data/tcl-fitstcl-2.4/fitsIO.c:6257:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for ( i=0; i< strlen(axisType[row]); i++) {
data/tcl-fitstcl-2.4/fitsIO.c:6347:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for ( i=0; i< strlen(axisType[row]); i++) {
data/tcl-fitstcl-2.4/fitsIO.c:6544:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( status || strlen(ctype)<5 || strlen(ctemp)<5
data/tcl-fitstcl-2.4/fitsIO.c:6544:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( status || strlen(ctype)<5 || strlen(ctemp)<5
data/tcl-fitstcl-2.4/fitsIO.c:6553:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ctype, &ctype[4], 4);
data/tcl-fitstcl-2.4/fitsIO.c:6748:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( status || strlen(ctype)<5 || strlen(ctemp)<5
data/tcl-fitstcl-2.4/fitsIO.c:6748:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( status || strlen(ctype)<5 || strlen(ctemp)<5
data/tcl-fitstcl-2.4/fitsIO.c:6757:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ctype, &ctype[4], 4);
data/tcl-fitstcl-2.4/fitsIO.c:6875:6: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(tmpPtr[0], "");
data/tcl-fitstcl-2.4/fitsIO.c:7113:16: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(columndata[k].strData, "\0");
data/tcl-fitstcl-2.4/fitsIO.c:7726:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
negExpr = (char*)ckalloc((strlen(expr)+15)*sizeof(char));
data/tcl-fitstcl-2.4/fitsTcl.c:324:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newFile->fileName = (char *) ckalloc(strlen(filename)+1);
data/tcl-fitstcl-2.4/fitsTcl.c:331:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newFile->handleName = (char *) ckalloc( strlen(objName) + 1 );
data/tcl-fitstcl-2.4/fitsTcl.c:983:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lexpr = strlen(gParse.expr);
data/tcl-fitstcl-2.4/fitsTcl.c:985:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lexpr = strlen(expr);
data/tcl-fitstcl-2.4/fitsTcl.c:989:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(gParse.expr + lexpr,"\n");
data/tcl-fitstcl-2.4/fitsTcl.c:1168:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( variable->name, dataName, MAXVARNAME );
data/tcl-fitstcl-2.4/fitsUtils.c:51:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen( res );
data/tcl-fitstcl-2.4/fitsUtils.c:84:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buffer, "\n");
data/tcl-fitstcl-2.4/fitsUtils.c:224:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rangeCpy = (char *)ckalloc( (strlen(rangeStr)+1) * sizeof(char) );
data/tcl-fitstcl-2.4/fitsUtils.c:575:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
colTotSize += strlen(curFile->CHDUInfo.table.colName[i])+1;
data/tcl-fitstcl-2.4/fitsUtils.c:583:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
colArray[i] = colArray[i-1] + strlen(colArray[i-1]) + 1;
data/tcl-fitstcl-2.4/fitsUtils.c:659:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*outStr = (char *) ckalloc ( strlen(inStr) +1 );
data/tcl-fitstcl-2.4/fitsUtils.c:988:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(TDispKey) == 0) {
data/tcl-fitstcl-2.4/fitsUtils.c:991:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0; i<strlen(TDispKey); i++)
data/tcl-fitstcl-2.4/fvTcl.c:64:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(simple) <= 0 ) {
data/tcl-fitstcl-2.4/fvTcl.c:69:9: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ( (fgetc(fitsPtr) == '\n') || (fgetc(fitsPtr) == '\r') ) {
data/tcl-fitstcl-2.4/fvTcl.c:69:37: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ( (fgetc(fitsPtr) == '\n') || (fgetc(fitsPtr) == '\r') ) {
data/tcl-fitstcl-2.4/fvTcl.c:125:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(theMaxStr, arrayPtr[0], 39);
data/tcl-fitstcl-2.4/fvTcl.c:132:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(theMaxStr, arrayPtr[j], 39);
data/tcl-fitstcl-2.4/fvTcl.c:179:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(theMinStr, arrayPtr[0], 39);
data/tcl-fitstcl-2.4/fvTcl.c:186:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(theMinStr, arrayPtr[j], 39);
data/tcl-fitstcl-2.4/fvTcl.c:425:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(index, "0");
ANALYSIS SUMMARY:
Hits = 662
Lines analyzed = 16732 in approximately 0.45 seconds (37093 lines/second)
Physical Source Lines of Code (SLOC) = 12993
Hits@level = [0] 71 [1] 67 [2] 414 [3] 2 [4] 179 [5] 0
Hits@level+ = [0+] 733 [1+] 662 [2+] 595 [3+] 181 [4+] 179 [5+] 0
Hits/KSLOC@level+ = [0+] 56.415 [1+] 50.9505 [2+] 45.7939 [3+] 13.9306 [4+] 13.7766 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.