Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/xygrib-1.2.6/src/MenuBar.cpp
Examining data/xygrib-1.2.6/src/DataPointInfo.h
Examining data/xygrib-1.2.6/src/GriddedPlotter.cpp
Examining data/xygrib-1.2.6/src/GribPlot.h
Examining data/xygrib-1.2.6/src/SkewT.cpp
Examining data/xygrib-1.2.6/src/Astro.cpp
Examining data/xygrib-1.2.6/src/DataQString.h
Examining data/xygrib-1.2.6/src/DataColors.h
Examining data/xygrib-1.2.6/src/DialogLoadGRIB.cpp
Examining data/xygrib-1.2.6/src/Terrain.cpp
Examining data/xygrib-1.2.6/src/Therm.h
Examining data/xygrib-1.2.6/src/FileLoaderGRIB.h
Examining data/xygrib-1.2.6/src/MapDrawer.h
Examining data/xygrib-1.2.6/src/GriddedReader.cpp
Examining data/xygrib-1.2.6/src/Astro.h
Examining data/xygrib-1.2.6/src/BoardPanel.cpp
Examining data/xygrib-1.2.6/src/DataMeteoAbstract.cpp
Examining data/xygrib-1.2.6/src/MainWindow.cpp
Examining data/xygrib-1.2.6/src/DialogLoadGRIB.h
Examining data/xygrib-1.2.6/src/MeteoTableWidget.h
Examining data/xygrib-1.2.6/src/RegularGriddedPlot.h
Examining data/xygrib-1.2.6/src/DialogServerStatus.h
Examining data/xygrib-1.2.6/src/g2clib-1.6.0/g2_unpack2.c
Examining data/xygrib-1.2.6/src/g2clib-1.6.0/g2_unpack7.c
Examining data/xygrib-1.2.6/src/g2clib-1.6.0/specunpack.c
Examining data/xygrib-1.2.6/src/g2clib-1.6.0/pdstemplates.c
Examining data/xygrib-1.2.6/src/g2clib-1.6.0/gbits.c
Examining data/xygrib-1.2.6/src/g2clib-1.6.0/drstemplates.c
Examining data/xygrib-1.2.6/src/g2clib-1.6.0/pdstemplates.h
Examining data/xygrib-1.2.6/src/g2clib-1.6.0/rdieee.c
Examining data/xygrib-1.2.6/src/g2clib-1.6.0/g2_free.c
Examining data/xygrib-1.2.6/src/g2clib-1.6.0/int_power.c
Examining data/xygrib-1.2.6/src/g2clib-1.6.0/g2_unpack5.c
Examining data/xygrib-1.2.6/src/g2clib-1.6.0/g2_miss.c
Examining data/xygrib-1.2.6/src/g2clib-1.6.0/g2_unpack4.c
Examining data/xygrib-1.2.6/src/g2clib-1.6.0/dec_jpeg2000.c
Examining data/xygrib-1.2.6/src/g2clib-1.6.0/getpoly.c
Examining data/xygrib-1.2.6/src/g2clib-1.6.0/g2_info.c
Examining data/xygrib-1.2.6/src/g2clib-1.6.0/g2_unpack3.c
Examining data/xygrib-1.2.6/src/g2clib-1.6.0/getdim.c
Examining data/xygrib-1.2.6/src/g2clib-1.6.0/g2_unpack1.c
Examining data/xygrib-1.2.6/src/g2clib-1.6.0/g2_gribend.c
Examining data/xygrib-1.2.6/src/g2clib-1.6.0/jpcunpack.c
Examining data/xygrib-1.2.6/src/g2clib-1.6.0/gridtemplates.h
Examining data/xygrib-1.2.6/src/g2clib-1.6.0/g2_unpack6.c
Examining data/xygrib-1.2.6/src/g2clib-1.6.0/pngunpack.c
Examining data/xygrib-1.2.6/src/g2clib-1.6.0/drstemplates.h
Examining data/xygrib-1.2.6/src/g2clib-1.6.0/simunpack.c
Examining data/xygrib-1.2.6/src/g2clib-1.6.0/seekgb.c
Examining data/xygrib-1.2.6/src/g2clib-1.6.0/comunpack.c
Examining data/xygrib-1.2.6/src/g2clib-1.6.0/grib2.h
Examining data/xygrib-1.2.6/src/g2clib-1.6.0/gridtemplates.c
Examining data/xygrib-1.2.6/src/g2clib-1.6.0/dec_png.c
Examining data/xygrib-1.2.6/src/g2clib-1.6.0/jpeg2000_openjpeg.c
Examining data/xygrib-1.2.6/src/g2clib-1.6.0/g2_getfld.c
Examining data/xygrib-1.2.6/src/Grib2Record.cpp
Examining data/xygrib-1.2.6/src/RegularGridded.h
Examining data/xygrib-1.2.6/src/ColorScaleWidget.h
Examining data/xygrib-1.2.6/src/GriddedRecord.h
Examining data/xygrib-1.2.6/src/Therm.cpp
Examining data/xygrib-1.2.6/src/DialogProxy.cpp
Examining data/xygrib-1.2.6/src/DataColors.cpp
Examining data/xygrib-1.2.6/src/DialogProxy.h
Examining data/xygrib-1.2.6/src/FileLoader.h
Examining data/xygrib-1.2.6/src/MeteoTable.cpp
Examining data/xygrib-1.2.6/src/MainWindow.h
Examining data/xygrib-1.2.6/src/IsoLine.h
Examining data/xygrib-1.2.6/src/map/PositionEditor.h
Examining data/xygrib-1.2.6/src/map/GshhsReader.h
Examining data/xygrib-1.2.6/src/map/POI.h
Examining data/xygrib-1.2.6/src/map/GisReader.cpp
Examining data/xygrib-1.2.6/src/map/PositionEditor.cpp
Examining data/xygrib-1.2.6/src/map/GshhsRangsReader.cpp
Examining data/xygrib-1.2.6/src/map/POI_Editor.h
Examining data/xygrib-1.2.6/src/map/Projection.cpp
Examining data/xygrib-1.2.6/src/map/Projection_libproj.cpp
Examining data/xygrib-1.2.6/src/map/GisReader.h
Examining data/xygrib-1.2.6/src/map/POI_Editor.cpp
Examining data/xygrib-1.2.6/src/map/Projection.h
Examining data/xygrib-1.2.6/src/map/GshhsReader.cpp
Examining data/xygrib-1.2.6/src/map/POI.cpp
Examining data/xygrib-1.2.6/src/map/GshhsRangsReader.h
Examining data/xygrib-1.2.6/src/ColorScaleWidget.cpp
Examining data/xygrib-1.2.6/src/DialogSelectMetar.cpp
Examining data/xygrib-1.2.6/src/BoardPanel.h
Examining data/xygrib-1.2.6/src/FileLoaderGRIB.cpp
Examining data/xygrib-1.2.6/src/MeteoTableWidget.cpp
Examining data/xygrib-1.2.6/src/DialogFonts.h
Examining data/xygrib-1.2.6/src/IrregularGridded.h
Examining data/xygrib-1.2.6/src/LongTaskProgress.h
Examining data/xygrib-1.2.6/src/DialogUnits.cpp
Examining data/xygrib-1.2.6/src/MeteotableOptionsDialog.h
Examining data/xygrib-1.2.6/src/DialogGraphicsParams.cpp
Examining data/xygrib-1.2.6/src/MeteotableOptionsDialog.cpp
Examining data/xygrib-1.2.6/src/LonLatGrid.cpp
Examining data/xygrib-1.2.6/src/Grib2Plot.cpp
Examining data/xygrib-1.2.6/src/GUI/LineEditorWidget.h
Examining data/xygrib-1.2.6/src/GUI/AngleConverterDialog.cpp
Examining data/xygrib-1.2.6/src/GUI/AngleConverterDialog.h
Examining data/xygrib-1.2.6/src/GUI/PositionEditorWidget.h
Examining data/xygrib-1.2.6/src/GUI/TextStyleEditorWidget.h
Examining data/xygrib-1.2.6/src/GUI/ColorEditorWidget.h
Examining data/xygrib-1.2.6/src/GUI/AngleConverterWidget.h
Examining data/xygrib-1.2.6/src/GUI/PositionEditorWidget.cpp
Examining data/xygrib-1.2.6/src/GUI/AngleConverterWidget.cpp
Examining data/xygrib-1.2.6/src/GUI/ColorEditorWidget.cpp
Examining data/xygrib-1.2.6/src/GUI/LineEditorWidget.cpp
Examining data/xygrib-1.2.6/src/GUI/TextStyleEditorWidget.cpp
Examining data/xygrib-1.2.6/src/ColorScale.h
Examining data/xygrib-1.2.6/src/DialogBoxColumn.h
Examining data/xygrib-1.2.6/src/MapDrawer.cpp
Examining data/xygrib-1.2.6/src/GribRecord.h
Examining data/xygrib-1.2.6/src/GribAnimator.h
Examining data/xygrib-1.2.6/src/Terrain.h
Examining data/xygrib-1.2.6/src/DialogBoxBase.h
Examining data/xygrib-1.2.6/src/Grib2Plot.h
Examining data/xygrib-1.2.6/src/DialogUnits.h
Examining data/xygrib-1.2.6/src/IsoLine.cpp
Examining data/xygrib-1.2.6/src/GribPlot.cpp
Examining data/xygrib-1.2.6/src/GriddedPlotter.h
Examining data/xygrib-1.2.6/src/Grib2Record.h
Examining data/xygrib-1.2.6/src/MenuBar.h
Examining data/xygrib-1.2.6/src/LongTaskProgress.cpp
Examining data/xygrib-1.2.6/src/GribRecord.cpp
Examining data/xygrib-1.2.6/src/Metar.h
Examining data/xygrib-1.2.6/src/LongTaskMessage.h
Examining data/xygrib-1.2.6/src/GriddedReader.h
Examining data/xygrib-1.2.6/src/Grib2Reader.h
Examining data/xygrib-1.2.6/src/DataQString.cpp
Examining data/xygrib-1.2.6/src/ImageWriter.h
Examining data/xygrib-1.2.6/src/ImageWriter.cpp
Examining data/xygrib-1.2.6/src/Grib2Reader.cpp
Examining data/xygrib-1.2.6/src/LongTaskMessage.cpp
Examining data/xygrib-1.2.6/src/DialogServerStatus.cpp
Examining data/xygrib-1.2.6/src/GriddedRecord.cpp
Examining data/xygrib-1.2.6/src/ColorScale.cpp
Examining data/xygrib-1.2.6/src/DateChooser.h
Examining data/xygrib-1.2.6/src/util/zuFile.cpp
Examining data/xygrib-1.2.6/src/util/Font.h
Examining data/xygrib-1.2.6/src/util/Font.cpp
Examining data/xygrib-1.2.6/src/util/Orthodromie.h
Examining data/xygrib-1.2.6/src/util/Orthodromie.cpp
Examining data/xygrib-1.2.6/src/util/zuFile.h
Examining data/xygrib-1.2.6/src/util/Util.cpp
Examining data/xygrib-1.2.6/src/util/SylkFile.h
Examining data/xygrib-1.2.6/src/util/Settings.cpp
Examining data/xygrib-1.2.6/src/util/Settings.h
Examining data/xygrib-1.2.6/src/util/Util.h
Examining data/xygrib-1.2.6/src/Metar.cpp
Examining data/xygrib-1.2.6/src/DataMeteoAbstract.h
Examining data/xygrib-1.2.6/src/LonLatGrid.h
Examining data/xygrib-1.2.6/src/GribAnimator.cpp
Examining data/xygrib-1.2.6/src/DataDefines.h
Examining data/xygrib-1.2.6/src/DialogGraphicsParams.h
Examining data/xygrib-1.2.6/src/GribReader.cpp
Examining data/xygrib-1.2.6/src/IrregularGridded.cpp
Examining data/xygrib-1.2.6/src/main.cpp
Examining data/xygrib-1.2.6/src/DateChooser.cpp
Examining data/xygrib-1.2.6/src/DataPointInfo.cpp
Examining data/xygrib-1.2.6/src/DialogFonts.cpp
Examining data/xygrib-1.2.6/src/SkewTWindow.cpp
Examining data/xygrib-1.2.6/src/MeteoTable.h
Examining data/xygrib-1.2.6/src/GribReader.h
Examining data/xygrib-1.2.6/src/Stylesheet.h
Examining data/xygrib-1.2.6/src/DialogBoxColumn.cpp
Examining data/xygrib-1.2.6/src/DialogSelectMetar.h
Examining data/xygrib-1.2.6/src/SkewT.h
FINAL RESULTS:
data/xygrib-1.2.6/src/BoardPanel.cpp:62:25: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
lbWindDir.setText (s.sprintf("%.0f ", dir)+tr("°"));
data/xygrib-1.2.6/src/BoardPanel.cpp:63:25: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
lbWindBf.setText (s.sprintf("%2d ", Util::msToBeaufort(v))+tr("Bf"));
data/xygrib-1.2.6/src/BoardPanel.cpp:76:28: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
lbCurrentDir.setText (s.sprintf("%.0f ", dir)+tr("°"));
data/xygrib-1.2.6/src/BoardPanel.cpp:187:10: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
shpa.sprintf("%3d", P);
data/xygrib-1.2.6/src/BoardPanel.cpp:221:12: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
delta.sprintf(" (%+.1f)", pf.hThetae[i]-pf.hThetae[i-1]);
data/xygrib-1.2.6/src/BoardPanel.cpp:276:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
s.sprintf(" %5.2fm", ht);
data/xygrib-1.2.6/src/BoardPanel.cpp:278:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
s.sprintf(" ");
data/xygrib-1.2.6/src/BoardPanel.cpp:281:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
s.sprintf(" %+4.0f°", dir);
data/xygrib-1.2.6/src/BoardPanel.cpp:283:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
s.sprintf(" ");
data/xygrib-1.2.6/src/BoardPanel.cpp:286:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
s.sprintf(" %3.0fs", per);
data/xygrib-1.2.6/src/BoardPanel.cpp:288:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
s.sprintf(" ");
data/xygrib-1.2.6/src/DialogUnits.cpp:245:8: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
stz.sprintf("UTC%+d", i);
data/xygrib-1.2.6/src/Grib2Record.cpp:47:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(strRefDate, "%s", qPrintable(QDateTime::fromTime_t(refDate,Qt::UTC).toString("yyyy-MM-dd HH:mm")));
data/xygrib-1.2.6/src/Grib2Record.cpp:284:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(strCurDate, "%s", qPrintable(QDateTime::fromTime_t(curDate,Qt::UTC).toString("yyyy-MM-dd HH:mm")));
data/xygrib-1.2.6/src/GribRecord.h:33:47: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define debug(format, ...) {if(DEBUG_INFO) {fprintf(stderr,format,__VA_ARGS__);fprintf(stderr,"\n");}}
data/xygrib-1.2.6/src/GribRecord.h:34:73: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define erreur(format, ...) {if(DEBUG_ERROR) {fprintf(stderr,"ERROR: ");fprintf(stderr,format,__VA_ARGS__);fprintf(stderr,"\n");}}
data/xygrib-1.2.6/src/IsoLine.cpp:92:19: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
label = label.sprintf("%d", qRound(value*coef+offset));
data/xygrib-1.2.6/src/LonLatGrid.cpp:147:19: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
label = label.sprintf("%g", value);
data/xygrib-1.2.6/src/MeteoTableWidget.cpp:550:9: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
tmp.sprintf("%.0f", dir);
data/xygrib-1.2.6/src/MeteoTableWidget.cpp:554:10: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
tmp.sprintf("%2d", Util::msToBeaufort(v));
data/xygrib-1.2.6/src/MeteoTableWidget.cpp:584:9: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
tmp.sprintf("%.0f", dir);
data/xygrib-1.2.6/src/MeteoTableWidget.cpp:830:8: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
txt.sprintf("%.2f ", v);
data/xygrib-1.2.6/src/util/Util.cpp:199:11: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
r.sprintf("%.1f", tempKelvin);
data/xygrib-1.2.6/src/util/Util.cpp:202:11: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
r.sprintf("%.1f", 1.8f*(tempKelvin-273.15f)+32.0f);
data/xygrib-1.2.6/src/util/Util.cpp:206:11: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
r.sprintf("%.1f", tempKelvin-273.15f);
data/xygrib-1.2.6/src/util/Util.cpp:216:11: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
r.sprintf("%d", qRound(tempKelvin) );
data/xygrib-1.2.6/src/util/Util.cpp:219:11: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
r.sprintf("%d", qRound(1.8f*(tempKelvin-273.15f)+32.0f) );
data/xygrib-1.2.6/src/util/Util.cpp:223:11: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
r.sprintf("%d", qRound(tempKelvin-273.15f) );
data/xygrib-1.2.6/src/util/Util.cpp:232:11: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
r.sprintf("%.1f ", meterspersecond);
data/xygrib-1.2.6/src/util/Util.cpp:236:11: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
r.sprintf("%.1f ", meterspersecond*3.6);
data/xygrib-1.2.6/src/util/Util.cpp:240:11: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
r.sprintf("%.1f ", meterspersecond*3.6/1.852);
data/xygrib-1.2.6/src/util/Util.cpp:262:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
r.sprintf("%d", qRound(angle +0.5f));
data/xygrib-1.2.6/src/util/Util.cpp:280:11: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
r.sprintf("%5.2f", d);
data/xygrib-1.2.6/src/util/Util.cpp:282:11: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
r.sprintf("%5.1f", d);
data/xygrib-1.2.6/src/util/Util.cpp:284:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
r.sprintf("%5.0f", d);
data/xygrib-1.2.6/src/util/Util.cpp:444:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
r.sprintf("%d", d);
data/xygrib-1.2.6/src/util/Util.cpp:454:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
r.sprintf("%d", d);
data/xygrib-1.2.6/src/util/Util.cpp:464:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
r.sprintf("%.2f", mmh);
data/xygrib-1.2.6/src/util/Util.cpp:466:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
r.sprintf("%.1f", mmh);
data/xygrib-1.2.6/src/util/Util.cpp:476:15: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
r.sprintf("%.1f", pasc/100.0f);
data/xygrib-1.2.6/src/util/Util.cpp:478:15: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
r.sprintf("%.0f", pasc/100.0f);
data/xygrib-1.2.6/src/util/Util.cpp:487:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
r.sprintf("%d", qRound(jkg));
data/xygrib-1.2.6/src/util/Util.cpp:495:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
r.sprintf("%d", qRound(dbz));
data/xygrib-1.2.6/src/util/Util.cpp:513:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
r.sprintf("%.1f", d);
data/xygrib-1.2.6/src/util/Util.cpp:515:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
r.sprintf("%.0f", d);
data/xygrib-1.2.6/src/util/Util.cpp:523:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
r.sprintf("%.0f", second);
data/xygrib-1.2.6/src/util/Util.cpp:546:6: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
r.sprintf("%.1f", d);
data/xygrib-1.2.6/src/util/Util.cpp:548:6: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
r.sprintf("%.0f", d);
data/xygrib-1.2.6/src/util/Util.cpp:553:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
r.sprintf("%.2f", d);
data/xygrib-1.2.6/src/util/Util.cpp:571:12: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
r.sprintf("%c%02d%s%05.2f'", sign,deg,cdeg, min);
data/xygrib-1.2.6/src/util/Util.cpp:573:12: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
r.sprintf("%c%03d%s%05.2f'", sign,deg,cdeg, min);
data/xygrib-1.2.6/src/util/Util.cpp:584:12: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
r.sprintf("%c%02d%s%02d'%02d\"", sign,deg,cdeg, min,sec);
data/xygrib-1.2.6/src/util/Util.cpp:586:12: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
r.sprintf("%c%03d%s%02d'%02d\"", sign,deg,cdeg, min,sec);
data/xygrib-1.2.6/src/util/Util.cpp:591:12: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
r.sprintf("%05.2f%s",x,cdeg);
data/xygrib-1.2.6/src/util/Util.cpp:593:12: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
r.sprintf("%06.2f%s",x,cdeg);
data/xygrib-1.2.6/src/util/Util.cpp:667:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
r.sprintf("%.1f", v);
data/xygrib-1.2.6/src/util/Util.cpp:669:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
r.sprintf("%.0f", v);
data/xygrib-1.2.6/src/util/Util.h:41:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr,__VA_ARGS__); fprintf(stderr,"\n"); \
data/xygrib-1.2.6/src/ColorScale.cpp:56:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf [1000];
data/xygrib-1.2.6/src/DialogLoadGRIB.cpp:235:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ok = saveFile.open(QIODevice::WriteOnly);
data/xygrib-1.2.6/src/GribReader.cpp:1017:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[sizebuf];
data/xygrib-1.2.6/src/GribRecord.cpp:870:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strgrib[4];
data/xygrib-1.2.6/src/GribRecord.cpp:939:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(strRefDate, "%04d-%02d-%02d %02d:%02d", refyear,refmonth,refday,refhour,refminute);
data/xygrib-1.2.6/src/GribRecord.cpp:1191:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[4];
data/xygrib-1.2.6/src/GribRecord.cpp:1215:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char t[4];
data/xygrib-1.2.6/src/GribRecord.cpp:1244:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char t[3];
data/xygrib-1.2.6/src/GribRecord.cpp:1258:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char t[2];
data/xygrib-1.2.6/src/GribRecord.cpp:1272:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char t[3];
data/xygrib-1.2.6/src/GribRecord.cpp:1282:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char t[2];
data/xygrib-1.2.6/src/GribRecord.cpp:1320:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(strCurDate, "%04d-%02d-%02d %02d:%02d", year,month,day,hour,minute);
data/xygrib-1.2.6/src/GribRecord.h:153:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strRefDate [32];
data/xygrib-1.2.6/src/GribRecord.h:154:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strCurDate [32];
data/xygrib-1.2.6/src/LongTaskProgress.cpp:74:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
progress->open ();
data/xygrib-1.2.6/src/Metar.cpp:118:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf [512];
data/xygrib-1.2.6/src/g2clib-1.6.0/dec_png.c:34:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data,ptr+offset,length);
data/xygrib-1.2.6/src/g2clib-1.6.0/g2_unpack7.c:128:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lfld, cgrib+ipos, 4 * ndpts );
data/xygrib-1.2.6/src/g2clib-1.6.0/g2_unpack7.c:150:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char temp[8];
data/xygrib-1.2.6/src/g2clib-1.6.0/g2_unpack7.c:157:19: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&d, temp, 8);
data/xygrib-1.2.6/src/g2clib-1.6.0/g2_unpack7.c:164:19: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&d, src + i * 8, 8);
data/xygrib-1.2.6/src/g2clib-1.6.0/jpeg2000_openjpeg.c:58:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, &(mstream->pData[mstream->offset]), nb_bytes_read);
data/xygrib-1.2.6/src/g2clib-1.6.0/jpeg2000_openjpeg.c:73:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(mstream->pData[mstream->offset]), buffer, nb_bytes_write);
data/xygrib-1.2.6/src/map/GshhsRangsReader.cpp:314:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txtn[16];
data/xygrib-1.2.6/src/map/GshhsRangsReader.cpp:328:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fcat = fopen( qPrintable(path+"rangs_"+txtn+".cat"), "rb");
data/xygrib-1.2.6/src/map/GshhsRangsReader.cpp:329:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fcel = fopen( qPrintable(path+"rangs_"+txtn+".cel"), "rb");
data/xygrib-1.2.6/src/map/GshhsRangsReader.cpp:330:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
frim = fopen( qPrintable(path+"gshhs_"+txtn+".rim"), "rb");
data/xygrib-1.2.6/src/map/GshhsRangsReader.h:138:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[2];
data/xygrib-1.2.6/src/map/GshhsRangsReader.h:147:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[4];
data/xygrib-1.2.6/src/map/GshhsReader.cpp:219:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txtn[16];
data/xygrib-1.2.6/src/map/GshhsReader.h:172:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tab[4];
data/xygrib-1.2.6/src/map/GshhsReader.h:181:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tab[4];
data/xygrib-1.2.6/src/map/GshhsReader.h:190:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tab[2];
data/xygrib-1.2.6/src/map/GshhsReader.h:198:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tab[2];
data/xygrib-1.2.6/src/map/Projection_libproj.cpp:50:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *params[20];
data/xygrib-1.2.6/src/util/SylkFile.h:31:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ok = file.open (QIODevice::WriteOnly);
data/xygrib-1.2.6/src/util/Util.cpp:165:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen( qPrintable(tmpfname), "w");
data/xygrib-1.2.6/src/util/Util.cpp:839:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&dt, gmtime(&t), sizeof(struct tm)); // no gmtime_r in windows mingw
data/xygrib-1.2.6/src/util/zuFile.cpp:62:33: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f->zfile = (void *) fopen(f->fname, mode);
data/xygrib-1.2.6/src/util/zuFile.cpp:68:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f->faux = fopen(f->fname, mode);
data/xygrib-1.2.6/src/util/zuFile.cpp:97:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen(fname, "r");
data/xygrib-1.2.6/src/util/zuFile.cpp:100:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf [8];
data/xygrib-1.2.6/src/util/zuFile.cpp:110:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen(fname, "r");
data/xygrib-1.2.6/src/util/zuFile.cpp:113:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf [8];
data/xygrib-1.2.6/src/util/zuFile.cpp:191:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *ftmp = fopen(filename, "rb");
data/xygrib-1.2.6/src/util/zuFile.cpp:258:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[ZU_BUFREADSIZE];
data/xygrib-1.2.6/src/ColorScale.cpp:69:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buf) == 0 || buf[0] =='#')
data/xygrib-1.2.6/src/Metar.cpp:127:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buf)>0) {
data/xygrib-1.2.6/src/Metar.cpp:147:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buf)>0) {
data/xygrib-1.2.6/src/Metar.cpp:160:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buf)>0) {
data/xygrib-1.2.6/src/util/zuFile.cpp:37:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!fname || strlen(fname)==0) {
ANALYSIS SUMMARY:
Hits = 109
Lines analyzed = 42679 in approximately 1.05 seconds (40606 lines/second)
Physical Source Lines of Code (SLOC) = 30861
Hits@level = [0] 89 [1] 5 [2] 46 [3] 0 [4] 58 [5] 0
Hits@level+ = [0+] 198 [1+] 109 [2+] 104 [3+] 58 [4+] 58 [5+] 0
Hits/KSLOC@level+ = [0+] 6.41586 [1+] 3.53197 [2+] 3.36995 [3+] 1.87939 [4+] 1.87939 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.