Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/xygrib-1.2.6/src/MenuBar.cpp
Examining data/xygrib-1.2.6/src/DataPointInfo.h
Examining data/xygrib-1.2.6/src/GriddedPlotter.cpp
Examining data/xygrib-1.2.6/src/GribPlot.h
Examining data/xygrib-1.2.6/src/SkewT.cpp
Examining data/xygrib-1.2.6/src/Astro.cpp
Examining data/xygrib-1.2.6/src/DataQString.h
Examining data/xygrib-1.2.6/src/DataColors.h
Examining data/xygrib-1.2.6/src/DialogLoadGRIB.cpp
Examining data/xygrib-1.2.6/src/Terrain.cpp
Examining data/xygrib-1.2.6/src/Therm.h
Examining data/xygrib-1.2.6/src/FileLoaderGRIB.h
Examining data/xygrib-1.2.6/src/MapDrawer.h
Examining data/xygrib-1.2.6/src/GriddedReader.cpp
Examining data/xygrib-1.2.6/src/Astro.h
Examining data/xygrib-1.2.6/src/BoardPanel.cpp
Examining data/xygrib-1.2.6/src/DataMeteoAbstract.cpp
Examining data/xygrib-1.2.6/src/MainWindow.cpp
Examining data/xygrib-1.2.6/src/DialogLoadGRIB.h
Examining data/xygrib-1.2.6/src/MeteoTableWidget.h
Examining data/xygrib-1.2.6/src/RegularGriddedPlot.h
Examining data/xygrib-1.2.6/src/DialogServerStatus.h
Examining data/xygrib-1.2.6/src/g2clib-1.6.0/g2_unpack2.c
Examining data/xygrib-1.2.6/src/g2clib-1.6.0/g2_unpack7.c
Examining data/xygrib-1.2.6/src/g2clib-1.6.0/specunpack.c
Examining data/xygrib-1.2.6/src/g2clib-1.6.0/pdstemplates.c
Examining data/xygrib-1.2.6/src/g2clib-1.6.0/gbits.c
Examining data/xygrib-1.2.6/src/g2clib-1.6.0/drstemplates.c
Examining data/xygrib-1.2.6/src/g2clib-1.6.0/pdstemplates.h
Examining data/xygrib-1.2.6/src/g2clib-1.6.0/rdieee.c
Examining data/xygrib-1.2.6/src/g2clib-1.6.0/g2_free.c
Examining data/xygrib-1.2.6/src/g2clib-1.6.0/int_power.c
Examining data/xygrib-1.2.6/src/g2clib-1.6.0/g2_unpack5.c
Examining data/xygrib-1.2.6/src/g2clib-1.6.0/g2_miss.c
Examining data/xygrib-1.2.6/src/g2clib-1.6.0/g2_unpack4.c
Examining data/xygrib-1.2.6/src/g2clib-1.6.0/dec_jpeg2000.c
Examining data/xygrib-1.2.6/src/g2clib-1.6.0/getpoly.c
Examining data/xygrib-1.2.6/src/g2clib-1.6.0/g2_info.c
Examining data/xygrib-1.2.6/src/g2clib-1.6.0/g2_unpack3.c
Examining data/xygrib-1.2.6/src/g2clib-1.6.0/getdim.c
Examining data/xygrib-1.2.6/src/g2clib-1.6.0/g2_unpack1.c
Examining data/xygrib-1.2.6/src/g2clib-1.6.0/g2_gribend.c
Examining data/xygrib-1.2.6/src/g2clib-1.6.0/jpcunpack.c
Examining data/xygrib-1.2.6/src/g2clib-1.6.0/gridtemplates.h
Examining data/xygrib-1.2.6/src/g2clib-1.6.0/g2_unpack6.c
Examining data/xygrib-1.2.6/src/g2clib-1.6.0/pngunpack.c
Examining data/xygrib-1.2.6/src/g2clib-1.6.0/drstemplates.h
Examining data/xygrib-1.2.6/src/g2clib-1.6.0/simunpack.c
Examining data/xygrib-1.2.6/src/g2clib-1.6.0/seekgb.c
Examining data/xygrib-1.2.6/src/g2clib-1.6.0/comunpack.c
Examining data/xygrib-1.2.6/src/g2clib-1.6.0/grib2.h
Examining data/xygrib-1.2.6/src/g2clib-1.6.0/gridtemplates.c
Examining data/xygrib-1.2.6/src/g2clib-1.6.0/dec_png.c
Examining data/xygrib-1.2.6/src/g2clib-1.6.0/jpeg2000_openjpeg.c
Examining data/xygrib-1.2.6/src/g2clib-1.6.0/g2_getfld.c
Examining data/xygrib-1.2.6/src/Grib2Record.cpp
Examining data/xygrib-1.2.6/src/RegularGridded.h
Examining data/xygrib-1.2.6/src/ColorScaleWidget.h
Examining data/xygrib-1.2.6/src/GriddedRecord.h
Examining data/xygrib-1.2.6/src/Therm.cpp
Examining data/xygrib-1.2.6/src/DialogProxy.cpp
Examining data/xygrib-1.2.6/src/DataColors.cpp
Examining data/xygrib-1.2.6/src/DialogProxy.h
Examining data/xygrib-1.2.6/src/FileLoader.h
Examining data/xygrib-1.2.6/src/MeteoTable.cpp
Examining data/xygrib-1.2.6/src/MainWindow.h
Examining data/xygrib-1.2.6/src/IsoLine.h
Examining data/xygrib-1.2.6/src/map/PositionEditor.h
Examining data/xygrib-1.2.6/src/map/GshhsReader.h
Examining data/xygrib-1.2.6/src/map/POI.h
Examining data/xygrib-1.2.6/src/map/GisReader.cpp
Examining data/xygrib-1.2.6/src/map/PositionEditor.cpp
Examining data/xygrib-1.2.6/src/map/GshhsRangsReader.cpp
Examining data/xygrib-1.2.6/src/map/POI_Editor.h
Examining data/xygrib-1.2.6/src/map/Projection.cpp
Examining data/xygrib-1.2.6/src/map/Projection_libproj.cpp
Examining data/xygrib-1.2.6/src/map/GisReader.h
Examining data/xygrib-1.2.6/src/map/POI_Editor.cpp
Examining data/xygrib-1.2.6/src/map/Projection.h
Examining data/xygrib-1.2.6/src/map/GshhsReader.cpp
Examining data/xygrib-1.2.6/src/map/POI.cpp
Examining data/xygrib-1.2.6/src/map/GshhsRangsReader.h
Examining data/xygrib-1.2.6/src/ColorScaleWidget.cpp
Examining data/xygrib-1.2.6/src/DialogSelectMetar.cpp
Examining data/xygrib-1.2.6/src/BoardPanel.h
Examining data/xygrib-1.2.6/src/FileLoaderGRIB.cpp
Examining data/xygrib-1.2.6/src/MeteoTableWidget.cpp
Examining data/xygrib-1.2.6/src/DialogFonts.h
Examining data/xygrib-1.2.6/src/IrregularGridded.h
Examining data/xygrib-1.2.6/src/LongTaskProgress.h
Examining data/xygrib-1.2.6/src/DialogUnits.cpp
Examining data/xygrib-1.2.6/src/MeteotableOptionsDialog.h
Examining data/xygrib-1.2.6/src/DialogGraphicsParams.cpp
Examining data/xygrib-1.2.6/src/MeteotableOptionsDialog.cpp
Examining data/xygrib-1.2.6/src/LonLatGrid.cpp
Examining data/xygrib-1.2.6/src/Grib2Plot.cpp
Examining data/xygrib-1.2.6/src/GUI/LineEditorWidget.h
Examining data/xygrib-1.2.6/src/GUI/AngleConverterDialog.cpp
Examining data/xygrib-1.2.6/src/GUI/AngleConverterDialog.h
Examining data/xygrib-1.2.6/src/GUI/PositionEditorWidget.h
Examining data/xygrib-1.2.6/src/GUI/TextStyleEditorWidget.h
Examining data/xygrib-1.2.6/src/GUI/ColorEditorWidget.h
Examining data/xygrib-1.2.6/src/GUI/AngleConverterWidget.h
Examining data/xygrib-1.2.6/src/GUI/PositionEditorWidget.cpp
Examining data/xygrib-1.2.6/src/GUI/AngleConverterWidget.cpp
Examining data/xygrib-1.2.6/src/GUI/ColorEditorWidget.cpp
Examining data/xygrib-1.2.6/src/GUI/LineEditorWidget.cpp
Examining data/xygrib-1.2.6/src/GUI/TextStyleEditorWidget.cpp
Examining data/xygrib-1.2.6/src/ColorScale.h
Examining data/xygrib-1.2.6/src/DialogBoxColumn.h
Examining data/xygrib-1.2.6/src/MapDrawer.cpp
Examining data/xygrib-1.2.6/src/GribRecord.h
Examining data/xygrib-1.2.6/src/GribAnimator.h
Examining data/xygrib-1.2.6/src/Terrain.h
Examining data/xygrib-1.2.6/src/DialogBoxBase.h
Examining data/xygrib-1.2.6/src/Grib2Plot.h
Examining data/xygrib-1.2.6/src/DialogUnits.h
Examining data/xygrib-1.2.6/src/IsoLine.cpp
Examining data/xygrib-1.2.6/src/GribPlot.cpp
Examining data/xygrib-1.2.6/src/GriddedPlotter.h
Examining data/xygrib-1.2.6/src/Grib2Record.h
Examining data/xygrib-1.2.6/src/MenuBar.h
Examining data/xygrib-1.2.6/src/LongTaskProgress.cpp
Examining data/xygrib-1.2.6/src/GribRecord.cpp
Examining data/xygrib-1.2.6/src/Metar.h
Examining data/xygrib-1.2.6/src/LongTaskMessage.h
Examining data/xygrib-1.2.6/src/GriddedReader.h
Examining data/xygrib-1.2.6/src/Grib2Reader.h
Examining data/xygrib-1.2.6/src/DataQString.cpp
Examining data/xygrib-1.2.6/src/ImageWriter.h
Examining data/xygrib-1.2.6/src/ImageWriter.cpp
Examining data/xygrib-1.2.6/src/Grib2Reader.cpp
Examining data/xygrib-1.2.6/src/LongTaskMessage.cpp
Examining data/xygrib-1.2.6/src/DialogServerStatus.cpp
Examining data/xygrib-1.2.6/src/GriddedRecord.cpp
Examining data/xygrib-1.2.6/src/ColorScale.cpp
Examining data/xygrib-1.2.6/src/DateChooser.h
Examining data/xygrib-1.2.6/src/util/zuFile.cpp
Examining data/xygrib-1.2.6/src/util/Font.h
Examining data/xygrib-1.2.6/src/util/Font.cpp
Examining data/xygrib-1.2.6/src/util/Orthodromie.h
Examining data/xygrib-1.2.6/src/util/Orthodromie.cpp
Examining data/xygrib-1.2.6/src/util/zuFile.h
Examining data/xygrib-1.2.6/src/util/Util.cpp
Examining data/xygrib-1.2.6/src/util/SylkFile.h
Examining data/xygrib-1.2.6/src/util/Settings.cpp
Examining data/xygrib-1.2.6/src/util/Settings.h
Examining data/xygrib-1.2.6/src/util/Util.h
Examining data/xygrib-1.2.6/src/Metar.cpp
Examining data/xygrib-1.2.6/src/DataMeteoAbstract.h
Examining data/xygrib-1.2.6/src/LonLatGrid.h
Examining data/xygrib-1.2.6/src/GribAnimator.cpp
Examining data/xygrib-1.2.6/src/DataDefines.h
Examining data/xygrib-1.2.6/src/DialogGraphicsParams.h
Examining data/xygrib-1.2.6/src/GribReader.cpp
Examining data/xygrib-1.2.6/src/IrregularGridded.cpp
Examining data/xygrib-1.2.6/src/main.cpp
Examining data/xygrib-1.2.6/src/DateChooser.cpp
Examining data/xygrib-1.2.6/src/DataPointInfo.cpp
Examining data/xygrib-1.2.6/src/DialogFonts.cpp
Examining data/xygrib-1.2.6/src/SkewTWindow.cpp
Examining data/xygrib-1.2.6/src/MeteoTable.h
Examining data/xygrib-1.2.6/src/GribReader.h
Examining data/xygrib-1.2.6/src/Stylesheet.h
Examining data/xygrib-1.2.6/src/DialogBoxColumn.cpp
Examining data/xygrib-1.2.6/src/DialogSelectMetar.h
Examining data/xygrib-1.2.6/src/SkewT.h

FINAL RESULTS:

data/xygrib-1.2.6/src/BoardPanel.cpp:62:25:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  lbWindDir.setText (s.sprintf("%.0f ", dir)+tr("°"));
data/xygrib-1.2.6/src/BoardPanel.cpp:63:25:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  lbWindBf.setText (s.sprintf("%2d ", Util::msToBeaufort(v))+tr("Bf"));
data/xygrib-1.2.6/src/BoardPanel.cpp:76:28:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  lbCurrentDir.setText (s.sprintf("%.0f ", dir)+tr("°"));
data/xygrib-1.2.6/src/BoardPanel.cpp:187:10:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  shpa.sprintf("%3d", P);
data/xygrib-1.2.6/src/BoardPanel.cpp:221:12:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  delta.sprintf(" (%+.1f)", pf.hThetae[i]-pf.hThetae[i-1]);
data/xygrib-1.2.6/src/BoardPanel.cpp:276:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  s.sprintf(" %5.2fm", ht);
data/xygrib-1.2.6/src/BoardPanel.cpp:278:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  s.sprintf(" ");
data/xygrib-1.2.6/src/BoardPanel.cpp:281:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  s.sprintf(" %+4.0f°", dir);
data/xygrib-1.2.6/src/BoardPanel.cpp:283:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  s.sprintf(" ");
data/xygrib-1.2.6/src/BoardPanel.cpp:286:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  s.sprintf(" %3.0fs", per);
data/xygrib-1.2.6/src/BoardPanel.cpp:288:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  s.sprintf(" ");
data/xygrib-1.2.6/src/DialogUnits.cpp:245:8:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  stz.sprintf("UTC%+d", i);
data/xygrib-1.2.6/src/Grib2Record.cpp:47:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(strRefDate, "%s", qPrintable(QDateTime::fromTime_t(refDate,Qt::UTC).toString("yyyy-MM-dd HH:mm")));
data/xygrib-1.2.6/src/Grib2Record.cpp:284:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(strCurDate, "%s", qPrintable(QDateTime::fromTime_t(curDate,Qt::UTC).toString("yyyy-MM-dd HH:mm")));
data/xygrib-1.2.6/src/GribRecord.h:33:47:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define debug(format, ...) {if(DEBUG_INFO) {fprintf(stderr,format,__VA_ARGS__);fprintf(stderr,"\n");}}
data/xygrib-1.2.6/src/GribRecord.h:34:73:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define erreur(format, ...) {if(DEBUG_ERROR) {fprintf(stderr,"ERROR: ");fprintf(stderr,format,__VA_ARGS__);fprintf(stderr,"\n");}}
data/xygrib-1.2.6/src/IsoLine.cpp:92:19:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  label = label.sprintf("%d", qRound(value*coef+offset));
data/xygrib-1.2.6/src/LonLatGrid.cpp:147:19:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  label = label.sprintf("%g", value);
data/xygrib-1.2.6/src/MeteoTableWidget.cpp:550:9:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  tmp.sprintf("%.0f", dir);
data/xygrib-1.2.6/src/MeteoTableWidget.cpp:554:10:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  tmp.sprintf("%2d", Util::msToBeaufort(v));
data/xygrib-1.2.6/src/MeteoTableWidget.cpp:584:9:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  tmp.sprintf("%.0f", dir);
data/xygrib-1.2.6/src/MeteoTableWidget.cpp:830:8:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  txt.sprintf("%.2f ", v);
data/xygrib-1.2.6/src/util/Util.cpp:199:11:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  r.sprintf("%.1f", tempKelvin);
data/xygrib-1.2.6/src/util/Util.cpp:202:11:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  r.sprintf("%.1f", 1.8f*(tempKelvin-273.15f)+32.0f);
data/xygrib-1.2.6/src/util/Util.cpp:206:11:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  r.sprintf("%.1f", tempKelvin-273.15f);
data/xygrib-1.2.6/src/util/Util.cpp:216:11:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  r.sprintf("%d", qRound(tempKelvin) );
data/xygrib-1.2.6/src/util/Util.cpp:219:11:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  r.sprintf("%d", qRound(1.8f*(tempKelvin-273.15f)+32.0f) );
data/xygrib-1.2.6/src/util/Util.cpp:223:11:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  r.sprintf("%d", qRound(tempKelvin-273.15f) );
data/xygrib-1.2.6/src/util/Util.cpp:232:11:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  r.sprintf("%.1f ", meterspersecond);
data/xygrib-1.2.6/src/util/Util.cpp:236:11:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  r.sprintf("%.1f ", meterspersecond*3.6);
data/xygrib-1.2.6/src/util/Util.cpp:240:11:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  r.sprintf("%.1f ", meterspersecond*3.6/1.852);
data/xygrib-1.2.6/src/util/Util.cpp:262:7:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  r.sprintf("%d", qRound(angle +0.5f));
data/xygrib-1.2.6/src/util/Util.cpp:280:11:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  r.sprintf("%5.2f", d);
data/xygrib-1.2.6/src/util/Util.cpp:282:11:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  r.sprintf("%5.1f", d);
data/xygrib-1.2.6/src/util/Util.cpp:284:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  r.sprintf("%5.0f", d);
data/xygrib-1.2.6/src/util/Util.cpp:444:4:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  r.sprintf("%d", d);
data/xygrib-1.2.6/src/util/Util.cpp:454:4:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  r.sprintf("%d", d);
data/xygrib-1.2.6/src/util/Util.cpp:464:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  r.sprintf("%.2f", mmh);
data/xygrib-1.2.6/src/util/Util.cpp:466:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  r.sprintf("%.1f", mmh);
data/xygrib-1.2.6/src/util/Util.cpp:476:15:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  r.sprintf("%.1f", pasc/100.0f);
data/xygrib-1.2.6/src/util/Util.cpp:478:15:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  r.sprintf("%.0f", pasc/100.0f);
data/xygrib-1.2.6/src/util/Util.cpp:487:7:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  r.sprintf("%d", qRound(jkg));
data/xygrib-1.2.6/src/util/Util.cpp:495:7:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  r.sprintf("%d", qRound(dbz));
data/xygrib-1.2.6/src/util/Util.cpp:513:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  r.sprintf("%.1f", d);
data/xygrib-1.2.6/src/util/Util.cpp:515:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  r.sprintf("%.0f", d);
data/xygrib-1.2.6/src/util/Util.cpp:523:4:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  r.sprintf("%.0f", second);
data/xygrib-1.2.6/src/util/Util.cpp:546:6:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  r.sprintf("%.1f", d);
data/xygrib-1.2.6/src/util/Util.cpp:548:6:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  r.sprintf("%.0f", d);
data/xygrib-1.2.6/src/util/Util.cpp:553:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  r.sprintf("%.2f", d);
data/xygrib-1.2.6/src/util/Util.cpp:571:12:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  r.sprintf("%c%02d%s%05.2f'", sign,deg,cdeg, min);
data/xygrib-1.2.6/src/util/Util.cpp:573:12:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  r.sprintf("%c%03d%s%05.2f'", sign,deg,cdeg, min);
data/xygrib-1.2.6/src/util/Util.cpp:584:12:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  r.sprintf("%c%02d%s%02d'%02d\"", sign,deg,cdeg, min,sec);
data/xygrib-1.2.6/src/util/Util.cpp:586:12:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  r.sprintf("%c%03d%s%02d'%02d\"", sign,deg,cdeg, min,sec);
data/xygrib-1.2.6/src/util/Util.cpp:591:12:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  r.sprintf("%05.2f%s",x,cdeg);
data/xygrib-1.2.6/src/util/Util.cpp:593:12:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  r.sprintf("%06.2f%s",x,cdeg);
data/xygrib-1.2.6/src/util/Util.cpp:667:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  r.sprintf("%.1f", v);
data/xygrib-1.2.6/src/util/Util.cpp:669:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  r.sprintf("%.0f", v);
data/xygrib-1.2.6/src/util/Util.h:41:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr,__VA_ARGS__); fprintf(stderr,"\n"); \
data/xygrib-1.2.6/src/ColorScale.cpp:56:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf [1000];
data/xygrib-1.2.6/src/DialogLoadGRIB.cpp:235:23:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ok = saveFile.open(QIODevice::WriteOnly);
data/xygrib-1.2.6/src/GribReader.cpp:1017:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[sizebuf];
data/xygrib-1.2.6/src/GribRecord.cpp:870:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strgrib[4];
data/xygrib-1.2.6/src/GribRecord.cpp:939:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(strRefDate, "%04d-%02d-%02d %02d:%02d", refyear,refmonth,refday,refhour,refminute);
data/xygrib-1.2.6/src/GribRecord.cpp:1191:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[4];
data/xygrib-1.2.6/src/GribRecord.cpp:1215:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char t[4];
data/xygrib-1.2.6/src/GribRecord.cpp:1244:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char t[3];
data/xygrib-1.2.6/src/GribRecord.cpp:1258:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char t[2];
data/xygrib-1.2.6/src/GribRecord.cpp:1272:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char t[3];
data/xygrib-1.2.6/src/GribRecord.cpp:1282:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char t[2];
data/xygrib-1.2.6/src/GribRecord.cpp:1320:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(strCurDate, "%04d-%02d-%02d %02d:%02d", year,month,day,hour,minute);
data/xygrib-1.2.6/src/GribRecord.h:153:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strRefDate [32];
data/xygrib-1.2.6/src/GribRecord.h:154:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strCurDate [32];
data/xygrib-1.2.6/src/LongTaskProgress.cpp:74:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  progress->open ();
data/xygrib-1.2.6/src/Metar.cpp:118:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf [512];
data/xygrib-1.2.6/src/g2clib-1.6.0/dec_png.c:34:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data,ptr+offset,length);
data/xygrib-1.2.6/src/g2clib-1.6.0/g2_unpack7.c:128:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(lfld, cgrib+ipos, 4 * ndpts );
data/xygrib-1.2.6/src/g2clib-1.6.0/g2_unpack7.c:150:28:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char temp[8];
data/xygrib-1.2.6/src/g2clib-1.6.0/g2_unpack7.c:157:19:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&d, temp, 8);
data/xygrib-1.2.6/src/g2clib-1.6.0/g2_unpack7.c:164:19:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&d, src + i * 8, 8);
data/xygrib-1.2.6/src/g2clib-1.6.0/jpeg2000_openjpeg.c:58:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buffer, &(mstream->pData[mstream->offset]), nb_bytes_read);
data/xygrib-1.2.6/src/g2clib-1.6.0/jpeg2000_openjpeg.c:73:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(mstream->pData[mstream->offset]), buffer, nb_bytes_write);
data/xygrib-1.2.6/src/map/GshhsRangsReader.cpp:314:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char txtn[16];
data/xygrib-1.2.6/src/map/GshhsRangsReader.cpp:328:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fcat = fopen( qPrintable(path+"rangs_"+txtn+".cat"), "rb");
data/xygrib-1.2.6/src/map/GshhsRangsReader.cpp:329:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fcel = fopen( qPrintable(path+"rangs_"+txtn+".cel"), "rb");
data/xygrib-1.2.6/src/map/GshhsRangsReader.cpp:330:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  frim = fopen( qPrintable(path+"gshhs_"+txtn+".rim"), "rb");
data/xygrib-1.2.6/src/map/GshhsRangsReader.h:138:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[2];
data/xygrib-1.2.6/src/map/GshhsRangsReader.h:147:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[4];
data/xygrib-1.2.6/src/map/GshhsReader.cpp:219:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char txtn[16];
data/xygrib-1.2.6/src/map/GshhsReader.h:172:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char tab[4];
data/xygrib-1.2.6/src/map/GshhsReader.h:181:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char tab[4];
data/xygrib-1.2.6/src/map/GshhsReader.h:190:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char tab[2];
data/xygrib-1.2.6/src/map/GshhsReader.h:198:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char tab[2];
data/xygrib-1.2.6/src/map/Projection_libproj.cpp:50:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *params[20];
data/xygrib-1.2.6/src/util/SylkFile.h:31:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ok = file.open (QIODevice::WriteOnly);
data/xygrib-1.2.6/src/util/Util.cpp:165:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = fopen( qPrintable(tmpfname), "w");
data/xygrib-1.2.6/src/util/Util.cpp:839:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (&dt, gmtime(&t), sizeof(struct tm)); // no gmtime_r in windows mingw
data/xygrib-1.2.6/src/util/zuFile.cpp:62:33:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f->zfile = (void *) fopen(f->fname, mode);
data/xygrib-1.2.6/src/util/zuFile.cpp:68:23:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f->faux = fopen(f->fname, mode);
data/xygrib-1.2.6/src/util/zuFile.cpp:97:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *f = fopen(fname, "r");
data/xygrib-1.2.6/src/util/zuFile.cpp:100:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf [8];
data/xygrib-1.2.6/src/util/zuFile.cpp:110:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *f = fopen(fname, "r");
data/xygrib-1.2.6/src/util/zuFile.cpp:113:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf [8];
data/xygrib-1.2.6/src/util/zuFile.cpp:191:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *ftmp = fopen(filename, "rb");
data/xygrib-1.2.6/src/util/zuFile.cpp:258:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[ZU_BUFREADSIZE];
data/xygrib-1.2.6/src/ColorScale.cpp:69:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(buf) == 0 || buf[0] =='#')
data/xygrib-1.2.6/src/Metar.cpp:127:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(buf)>0) {
data/xygrib-1.2.6/src/Metar.cpp:147:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(buf)>0) {
data/xygrib-1.2.6/src/Metar.cpp:160:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(buf)>0) {
data/xygrib-1.2.6/src/util/zuFile.cpp:37:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!fname || strlen(fname)==0) {

ANALYSIS SUMMARY:

Hits = 109
Lines analyzed = 42679 in approximately 1.05 seconds (40606 lines/second)
Physical Source Lines of Code (SLOC) = 30861
Hits@level = [0]  89 [1]   5 [2]  46 [3]   0 [4]  58 [5]   0
Hits@level+ = [0+] 198 [1+] 109 [2+] 104 [3+]  58 [4+]  58 [5+]   0
Hits/KSLOC@level+ = [0+] 6.41586 [1+] 3.53197 [2+] 3.36995 [3+] 1.87939 [4+] 1.87939 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.