Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/acedb-4.9.39+dfsg.02/w1/acein.c
Examining data/acedb-4.9.39+dfsg.02/w1/aceout.c
Examining data/acedb-4.9.39+dfsg.02/w1/acethread.c
Examining data/acedb-4.9.39+dfsg.02/w1/arraysub.c
Examining data/acedb-4.9.39+dfsg.02/w1/bump.c
Examining data/acedb-4.9.39+dfsg.02/w1/call.c
Examining data/acedb-4.9.39+dfsg.02/w1/chronoexe.c
Examining data/acedb-4.9.39+dfsg.02/w1/dict.c
Examining data/acedb-4.9.39+dfsg.02/w1/filsubs.c
Examining data/acedb-4.9.39+dfsg.02/w1/freeout.c
Examining data/acedb-4.9.39+dfsg.02/w1/freesubs.c
Examining data/acedb-4.9.39+dfsg.02/w1/getopt.c
Examining data/acedb-4.9.39+dfsg.02/w1/getopt1.c
Examining data/acedb-4.9.39+dfsg.02/w1/heap.c
Examining data/acedb-4.9.39+dfsg.02/w1/liste.c
Examining data/acedb-4.9.39+dfsg.02/w1/memsubs.c
Examining data/acedb-4.9.39+dfsg.02/w1/menu.c
Examining data/acedb-4.9.39+dfsg.02/w1/messubs.c
Examining data/acedb-4.9.39+dfsg.02/w1/msort.c
Examining data/acedb-4.9.39+dfsg.02/w1/randsubs.c
Examining data/acedb-4.9.39+dfsg.02/w1/strsubs.c
Examining data/acedb-4.9.39+dfsg.02/w1/texthelp.c
Examining data/acedb-4.9.39+dfsg.02/w1/timesubs.c
Examining data/acedb-4.9.39+dfsg.02/w1/utils.c
Examining data/acedb-4.9.39+dfsg.02/w1/vtxt.c
Examining data/acedb-4.9.39+dfsg.02/w1/helpsubs.c
Examining data/acedb-4.9.39+dfsg.02/w2/chronodisp.c
Examining data/acedb-4.9.39+dfsg.02/w2/colcontrol.c
Examining data/acedb-4.9.39+dfsg.02/w2/filquery.c
Examining data/acedb-4.9.39+dfsg.02/w2/gex.c
Examining data/acedb-4.9.39+dfsg.02/w2/gexhelp.c
Examining data/acedb-4.9.39+dfsg.02/w2/gexramptool.c
Examining data/acedb-4.9.39+dfsg.02/w2/graphAcedbInterface.c
Examining data/acedb-4.9.39+dfsg.02/w2/graph_.h
Examining data/acedb-4.9.39+dfsg.02/w2/graphcolour.c
Examining data/acedb-4.9.39+dfsg.02/w2/graphcolour.h
Examining data/acedb-4.9.39+dfsg.02/w2/graphcon.c
Examining data/acedb-4.9.39+dfsg.02/w2/graphdev.h
Examining data/acedb-4.9.39+dfsg.02/w2/graphgdi.c
Examining data/acedb-4.9.39+dfsg.02/w2/graphgdk.c
Examining data/acedb-4.9.39+dfsg.02/w2/graphgdkremote.c
Examining data/acedb-4.9.39+dfsg.02/w2/graphgif.c
Examining data/acedb-4.9.39+dfsg.02/w2/graphgtk.c
Examining data/acedb-4.9.39+dfsg.02/w2/graphgtk_.h
Examining data/acedb-4.9.39+dfsg.02/w2/graphimage.c
Examining data/acedb-4.9.39+dfsg.02/w2/graphmesglist.c
Examining data/acedb-4.9.39+dfsg.02/w2/graphprint.c
Examining data/acedb-4.9.39+dfsg.02/w2/graphps.c
Examining data/acedb-4.9.39+dfsg.02/w2/graphremote.c
Examining data/acedb-4.9.39+dfsg.02/w2/graphselect.c
Examining data/acedb-4.9.39+dfsg.02/w2/graphsub.c
Examining data/acedb-4.9.39+dfsg.02/w2/graphtest.c
Examining data/acedb-4.9.39+dfsg.02/w2/viewedit.c
Examining data/acedb-4.9.39+dfsg.02/w2/vroot.h
Examining data/acedb-4.9.39+dfsg.02/w2/xremotemain.c
Examining data/acedb-4.9.39+dfsg.02/w2/graphascii.c
Examining data/acedb-4.9.39+dfsg.02/w3/apputils.c
Examining data/acedb-4.9.39+dfsg.02/w3/gifacemain.c
Examining data/acedb-4.9.39+dfsg.02/w3/tacemain.c
Examining data/acedb-4.9.39+dfsg.02/w3/taqlmain.c
Examining data/acedb-4.9.39+dfsg.02/w3/xacemain.c
Examining data/acedb-4.9.39+dfsg.02/w3/xclientmain.c
Examining data/acedb-4.9.39+dfsg.02/w4/aceutils.c
Examining data/acedb-4.9.39+dfsg.02/w4/alignment.c
Examining data/acedb-4.9.39+dfsg.02/w4/banner.c
Examining data/acedb-4.9.39+dfsg.02/w4/command.c
Examining data/acedb-4.9.39+dfsg.02/w4/command_.h
Examining data/acedb-4.9.39+dfsg.02/w4/commandmenu.c
Examining data/acedb-4.9.39+dfsg.02/w4/dbpath.c
Examining data/acedb-4.9.39+dfsg.02/w4/dump.c
Examining data/acedb-4.9.39+dfsg.02/w4/gifcommand.c
Examining data/acedb-4.9.39+dfsg.02/w4/logsubs.c
Examining data/acedb-4.9.39+dfsg.02/w4/longtext.c
Examining data/acedb-4.9.39+dfsg.02/w4/mainpick.c
Examining data/acedb-4.9.39+dfsg.02/w4/metadata.c
Examining data/acedb-4.9.39+dfsg.02/w4/model.c
Examining data/acedb-4.9.39+dfsg.02/w4/newkey.c
Examining data/acedb-4.9.39+dfsg.02/w4/parse.c
Examining data/acedb-4.9.39+dfsg.02/w4/parse_.h
Examining data/acedb-4.9.39+dfsg.02/w4/picksubs.c
Examining data/acedb-4.9.39+dfsg.02/w4/prefsubs.c
Examining data/acedb-4.9.39+dfsg.02/w4/queryexe.c
Examining data/acedb-4.9.39+dfsg.02/w4/session.c
Examining data/acedb-4.9.39+dfsg.02/w4/sigsubs.c
Examining data/acedb-4.9.39+dfsg.02/w4/status.c
Examining data/acedb-4.9.39+dfsg.02/w4/tabledefio.c
Examining data/acedb-4.9.39+dfsg.02/w4/tabledefsubs.c
Examining data/acedb-4.9.39+dfsg.02/w4/update.c
Examining data/acedb-4.9.39+dfsg.02/w5/acache.c
Examining data/acedb-4.9.39+dfsg.02/w5/adisk.c
Examining data/acedb-4.9.39+dfsg.02/w5/blocksub.c
Examining data/acedb-4.9.39+dfsg.02/w5/bs2block.c
Examining data/acedb-4.9.39+dfsg.02/w5/disknew.c
Examining data/acedb-4.9.39+dfsg.02/w5/idacedb.c
Examining data/acedb-4.9.39+dfsg.02/w5/idacedb.h
Examining data/acedb-4.9.39+dfsg.02/w5/idcurate.c
Examining data/acedb-4.9.39+dfsg.02/w5/keysetdump.c
Examining data/acedb-4.9.39+dfsg.02/w5/lexalpha.c
Examining data/acedb-4.9.39+dfsg.02/w5/lexsubs4.c
Examining data/acedb-4.9.39+dfsg.02/w5/objcache.c
Examining data/acedb-4.9.39+dfsg.02/w6/acdbtest.c
Examining data/acedb-4.9.39+dfsg.02/w6/acedbgraph.c
Examining data/acedb-4.9.39+dfsg.02/w6/action.c
Examining data/acedb-4.9.39+dfsg.02/w6/aqldisp.c
Examining data/acedb-4.9.39+dfsg.02/w6/asubs.c
Examining data/acedb-4.9.39+dfsg.02/w6/basepad.c
Examining data/acedb-4.9.39+dfsg.02/w6/bsdumps.c
Examining data/acedb-4.9.39+dfsg.02/w6/bssubs.c
Examining data/acedb-4.9.39+dfsg.02/w6/bstools.c
Examining data/acedb-4.9.39+dfsg.02/w6/bstree.c
Examining data/acedb-4.9.39+dfsg.02/w6/bsubs.c
Examining data/acedb-4.9.39+dfsg.02/w6/check.c
Examining data/acedb-4.9.39+dfsg.02/w6/display.c
Examining data/acedb-4.9.39+dfsg.02/w6/dnacode.c
Examining data/acedb-4.9.39+dfsg.02/w6/dnasubs.c
Examining data/acedb-4.9.39+dfsg.02/w6/forest.c
Examining data/acedb-4.9.39+dfsg.02/w6/keyset.c
Examining data/acedb-4.9.39+dfsg.02/w6/ksetdisp.c
Examining data/acedb-4.9.39+dfsg.02/w6/layoutdisp.c
Examining data/acedb-4.9.39+dfsg.02/w6/longtextdisp.c
Examining data/acedb-4.9.39+dfsg.02/w6/matchtable.c
Examining data/acedb-4.9.39+dfsg.02/w6/multimapdisp.c
Examining data/acedb-4.9.39+dfsg.02/w6/nicedump.c
Examining data/acedb-4.9.39+dfsg.02/w6/objcachedisp.c
Examining data/acedb-4.9.39+dfsg.02/w6/peptide.c
Examining data/acedb-4.9.39+dfsg.02/w6/plot.c
Examining data/acedb-4.9.39+dfsg.02/w6/plot2d.c
Examining data/acedb-4.9.39+dfsg.02/w6/prefdisp.c
Examining data/acedb-4.9.39+dfsg.02/w6/qbedisp.c
Examining data/acedb-4.9.39+dfsg.02/w6/querybuild.c
Examining data/acedb-4.9.39+dfsg.02/w6/querydisp.c
Examining data/acedb-4.9.39+dfsg.02/w6/sessiondisp.c
Examining data/acedb-4.9.39+dfsg.02/w6/smap.c
Examining data/acedb-4.9.39+dfsg.02/w6/smap_.h
Examining data/acedb-4.9.39+dfsg.02/w6/statusdisp.c
Examining data/acedb-4.9.39+dfsg.02/w6/tabledisp.c
Examining data/acedb-4.9.39+dfsg.02/w6/tablemakerdisp.c
Examining data/acedb-4.9.39+dfsg.02/w6/treedisp.c
Examining data/acedb-4.9.39+dfsg.02/w7/alignmentdisp.c
Examining data/acedb-4.9.39+dfsg.02/w7/biblio.c
Examining data/acedb-4.9.39+dfsg.02/w7/cmapdisp.c
Examining data/acedb-4.9.39+dfsg.02/w7/coltest.c
Examining data/acedb-4.9.39+dfsg.02/w7/das.c
Examining data/acedb-4.9.39+dfsg.02/w7/dnacpt.c
Examining data/acedb-4.9.39+dfsg.02/w7/drawdisp.c
Examining data/acedb-4.9.39+dfsg.02/w7/fmap_.h
Examining data/acedb-4.9.39+dfsg.02/w7/fmapblast.c
Examining data/acedb-4.9.39+dfsg.02/w7/fmapcdna.c
Examining data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c
Examining data/acedb-4.9.39+dfsg.02/w7/fmapcurate.c
Examining data/acedb-4.9.39+dfsg.02/w7/fmapfeatures.c
Examining data/acedb-4.9.39+dfsg.02/w7/fmapgene.c
Examining data/acedb-4.9.39+dfsg.02/w7/fmapmenes.c
Examining data/acedb-4.9.39+dfsg.02/w7/fmaposp.c
Examining data/acedb-4.9.39+dfsg.02/w7/fmapsequence.c
Examining data/acedb-4.9.39+dfsg.02/w7/fmapstatus.c
Examining data/acedb-4.9.39+dfsg.02/w7/fpdisp.c
Examining data/acedb-4.9.39+dfsg.02/w7/geldisp.c
Examining data/acedb-4.9.39+dfsg.02/w7/genecurate.c
Examining data/acedb-4.9.39+dfsg.02/w7/gff.c
Examining data/acedb-4.9.39+dfsg.02/w7/gmapconvert.c
Examining data/acedb-4.9.39+dfsg.02/w7/gmapdisp.c
Examining data/acedb-4.9.39+dfsg.02/w7/gmapintervalcol.c
Examining data/acedb-4.9.39+dfsg.02/w7/gmaplocuscol.c
Examining data/acedb-4.9.39+dfsg.02/w7/gmapmarkercol.c
Examining data/acedb-4.9.39+dfsg.02/w7/gmapposnegcol.c
Examining data/acedb-4.9.39+dfsg.02/w7/gmapremarkcol.c
Examining data/acedb-4.9.39+dfsg.02/w7/gmapsubmapcol.c
Examining data/acedb-4.9.39+dfsg.02/w7/grid_.h
Examining data/acedb-4.9.39+dfsg.02/w7/griddisp.c
Examining data/acedb-4.9.39+dfsg.02/w7/mapcontrol.c
Examining data/acedb-4.9.39+dfsg.02/w7/metab.c
Examining data/acedb-4.9.39+dfsg.02/w7/method.c
Examining data/acedb-4.9.39+dfsg.02/w7/methodcache.c
Examining data/acedb-4.9.39+dfsg.02/w7/pepactivezonecol.c
Examining data/acedb-4.9.39+dfsg.02/w7/pepdisp.c
Examining data/acedb-4.9.39+dfsg.02/w7/pepfeaturecol.c
Examining data/acedb-4.9.39+dfsg.02/w7/pepgifcommand.c
Examining data/acedb-4.9.39+dfsg.02/w7/pepgraphcol.c
Examining data/acedb-4.9.39+dfsg.02/w7/pephomolcol.c
Examining data/acedb-4.9.39+dfsg.02/w7/pepseqcol.c
Examining data/acedb-4.9.39+dfsg.02/w7/pmapconvert.c
Examining data/acedb-4.9.39+dfsg.02/w7/pmapdisp.c
Examining data/acedb-4.9.39+dfsg.02/w7/smapconvert.c
Examining data/acedb-4.9.39+dfsg.02/w7/vmap_.h
Examining data/acedb-4.9.39+dfsg.02/w7/vmapdisp.c
Examining data/acedb-4.9.39+dfsg.02/w7/vmapdrag.c
Examining data/acedb-4.9.39+dfsg.02/w7/dendrogram.c
Examining data/acedb-4.9.39+dfsg.02/w8/aligntools.c
Examining data/acedb-4.9.39+dfsg.02/w8/basecallstat.c
Examining data/acedb-4.9.39+dfsg.02/w8/chronoorder.c
Examining data/acedb-4.9.39+dfsg.02/w8/defcpt.c
Examining data/acedb-4.9.39+dfsg.02/w8/dnaalign.c
Examining data/acedb-4.9.39+dfsg.02/w8/intrinsictree.c
Examining data/acedb-4.9.39+dfsg.02/w8/topology.c
Examining data/acedb-4.9.39+dfsg.02/w9/align.c
Examining data/acedb-4.9.39+dfsg.02/w9/asn.c
Examining data/acedb-4.9.39+dfsg.02/w9/blixem_.h
Examining data/acedb-4.9.39+dfsg.02/w9/blxmain.c
Examining data/acedb-4.9.39+dfsg.02/w9/blxparser.c
Examining data/acedb-4.9.39+dfsg.02/w9/blxselect.c
Examining data/acedb-4.9.39+dfsg.02/w9/dbidx.c
Examining data/acedb-4.9.39+dfsg.02/w9/diskdump.c
Examining data/acedb-4.9.39+dfsg.02/w9/diskfix.c
Examining data/acedb-4.9.39+dfsg.02/w9/dotter.c
Examining data/acedb-4.9.39+dfsg.02/w9/dotterKarlin.c
Examining data/acedb-4.9.39+dfsg.02/w9/embl.c
Examining data/acedb-4.9.39+dfsg.02/w9/fetch.c
Examining data/acedb-4.9.39+dfsg.02/w9/gfcode.c
Examining data/acedb-4.9.39+dfsg.02/w9/gmapdata.c
Examining data/acedb-4.9.39+dfsg.02/w9/gmapdatacol.c
Examining data/acedb-4.9.39+dfsg.02/w9/gmapphys.c
Examining data/acedb-4.9.39+dfsg.02/w9/hexcode.c
Examining data/acedb-4.9.39+dfsg.02/w9/readseq.c
Examining data/acedb-4.9.39+dfsg.02/w9/translate.c
Examining data/acedb-4.9.39+dfsg.02/w9/vmapdata2.c
Examining data/acedb-4.9.39+dfsg.02/w9/vmapphys.c
Examining data/acedb-4.9.39+dfsg.02/w9/blxview.c
Examining data/acedb-4.9.39+dfsg.02/w9/belvu.c
Examining data/acedb-4.9.39+dfsg.02/w9/dotterMain.c
Examining data/acedb-4.9.39+dfsg.02/w9/efetch.c
Examining data/acedb-4.9.39+dfsg.02/wabi/abifix.c
Examining data/acedb-4.9.39+dfsg.02/wabi/acemblyhook.c
Examining data/acedb-4.9.39+dfsg.02/wabi/annot.c
Examining data/acedb-4.9.39+dfsg.02/wabi/basecall.c
Examining data/acedb-4.9.39+dfsg.02/wabi/blyctrl.c
Examining data/acedb-4.9.39+dfsg.02/wabi/cdnaalign.c
Examining data/acedb-4.9.39+dfsg.02/wabi/fmaptrace.c
Examining data/acedb-4.9.39+dfsg.02/wabi/geneannot.c
Examining data/acedb-4.9.39+dfsg.02/wabi/intron2.c
Examining data/acedb-4.9.39+dfsg.02/wabi/myNetwork.c
Examining data/acedb-4.9.39+dfsg.02/wabi/nnbasecall.c
Examining data/acedb-4.9.39+dfsg.02/wabi/saucisse.c
Examining data/acedb-4.9.39+dfsg.02/wabi/trace.c
Examining data/acedb-4.9.39+dfsg.02/wac/ac.h
Examining data/acedb-4.9.39+dfsg.02/wac/ac_.h
Examining data/acedb-4.9.39+dfsg.02/wac/acclient.c
Examining data/acedb-4.9.39+dfsg.02/wac/acclient_.h
Examining data/acedb-4.9.39+dfsg.02/wac/acclient_acetcp.c
Examining data/acedb-4.9.39+dfsg.02/wac/acclient_rpc.c
Examining data/acedb-4.9.39+dfsg.02/wac/acclient_socket.c
Examining data/acedb-4.9.39+dfsg.02/wac/acclient_socket_lib.c
Examining data/acedb-4.9.39+dfsg.02/wac/accmd.c
Examining data/acedb-4.9.39+dfsg.02/wac/acctest.c
Examining data/acedb-4.9.39+dfsg.02/wac/acinside.c
Examining data/acedb-4.9.39+dfsg.02/wac/acinside_.h
Examining data/acedb-4.9.39+dfsg.02/wac/actable.c
Examining data/acedb-4.9.39+dfsg.02/wace/acediff.c
Examining data/acedb-4.9.39+dfsg.02/wace/acediffsorted.c
Examining data/acedb-4.9.39+dfsg.02/wace/acesubs.c
Examining data/acedb-4.9.39+dfsg.02/wace/makeUserPasswd.c
Examining data/acedb-4.9.39+dfsg.02/wace/pmapace.c
Examining data/acedb-4.9.39+dfsg.02/wace/pmapace2.c
Examining data/acedb-4.9.39+dfsg.02/wace/removeContinuations.c
Examining data/acedb-4.9.39+dfsg.02/wace/stockace.c
Examining data/acedb-4.9.39+dfsg.02/wace/homonym.c
Examining data/acedb-4.9.39+dfsg.02/wacext/kscount.c
Examining data/acedb-4.9.39+dfsg.02/waql/aql.c
Examining data/acedb-4.9.39+dfsg.02/waql/aql_.h
Examining data/acedb-4.9.39+dfsg.02/waql/aqlcheck.c
Examining data/acedb-4.9.39+dfsg.02/waql/aqldebug.c
Examining data/acedb-4.9.39+dfsg.02/waql/aqlerror.c
Examining data/acedb-4.9.39+dfsg.02/waql/aqlrun.c
Examining data/acedb-4.9.39+dfsg.02/wdce/acedbclientlib.cpp
Examining data/acedb-4.9.39+dfsg.02/wdce/acedbserverlib.cpp
Examining data/acedb-4.9.39+dfsg.02/wdce/aceserverconfigpp.cpp
Examining data/acedb-4.9.39+dfsg.02/wdce/aceserverconfigpp.h
Examining data/acedb-4.9.39+dfsg.02/wdce/aceservercontrolpanel.cpp
Examining data/acedb-4.9.39+dfsg.02/wdce/aceservercontrolpanel.h
Examining data/acedb-4.9.39+dfsg.02/wdce/asinstall.cpp
Examining data/acedb-4.9.39+dfsg.02/wdce/asinstall.h
Examining data/acedb-4.9.39+dfsg.02/wdce/asinstalldlg.cpp
Examining data/acedb-4.9.39+dfsg.02/wdce/asinstalldlg.h
Examining data/acedb-4.9.39+dfsg.02/wdce/asstdafx.cpp
Examining data/acedb-4.9.39+dfsg.02/wdce/asstdafx.h
Examining data/acedb-4.9.39+dfsg.02/wdce/client.c
Examining data/acedb-4.9.39+dfsg.02/wdce/client2service.cpp
Examining data/acedb-4.9.39+dfsg.02/wdce/client2service.h
Examining data/acedb-4.9.39+dfsg.02/wdce/introductionpp.cpp
Examining data/acedb-4.9.39+dfsg.02/wdce/completionpp.cpp
Examining data/acedb-4.9.39+dfsg.02/wdce/configps.cpp
Examining data/acedb-4.9.39+dfsg.02/wdce/configps.h
Examining data/acedb-4.9.39+dfsg.02/wdce/connectionspp.cpp
Examining data/acedb-4.9.39+dfsg.02/wdce/connectionspp.h
Examining data/acedb-4.9.39+dfsg.02/wdce/databasepp.cpp
Examining data/acedb-4.9.39+dfsg.02/wdce/databasepp.h
Examining data/acedb-4.9.39+dfsg.02/wdce/dceclientlib.c
Examining data/acedb-4.9.39+dfsg.02/wdce/dceprot.c
Examining data/acedb-4.9.39+dfsg.02/wdce/dceserver.c
Examining data/acedb-4.9.39+dfsg.02/wdce/dceserverlib.c
Examining data/acedb-4.9.39+dfsg.02/wdce/dceserverlib.cpp
Examining data/acedb-4.9.39+dfsg.02/wdce/dceservertimer.cpp
Examining data/acedb-4.9.39+dfsg.02/wdce/dceservertimer.h
Examining data/acedb-4.9.39+dfsg.02/wdce/installationhostpp.cpp
Examining data/acedb-4.9.39+dfsg.02/wdce/installationhostpp.h
Examining data/acedb-4.9.39+dfsg.02/wdce/introductionpp.h
Examining data/acedb-4.9.39+dfsg.02/wdce/my_dce.h
Examining data/acedb-4.9.39+dfsg.02/wdce/resource.h
Examining data/acedb-4.9.39+dfsg.02/wdce/rpcace.h
Examining data/acedb-4.9.39+dfsg.02/wdce/rpcace_c.c
Examining data/acedb-4.9.39+dfsg.02/wdce/rpcace_s.c
Examining data/acedb-4.9.39+dfsg.02/wdce/serviceregistrypp.cpp
Examining data/acedb-4.9.39+dfsg.02/wdce/serviceregistrypp.h
Examining data/acedb-4.9.39+dfsg.02/wdce/servicestatuspp.cpp
Examining data/acedb-4.9.39+dfsg.02/wdce/servicestatuspp.h
Examining data/acedb-4.9.39+dfsg.02/wdce/win32dcelib.cpp
Examining data/acedb-4.9.39+dfsg.02/wdce/win32service.c
Examining data/acedb-4.9.39+dfsg.02/wgd/gd.h
Examining data/acedb-4.9.39+dfsg.02/wgd/gd2gif.c
Examining data/acedb-4.9.39+dfsg.02/wgd/gdfont6x9.c
Examining data/acedb-4.9.39+dfsg.02/wgd/gdfont8x13.c
Examining data/acedb-4.9.39+dfsg.02/wgd/gdfont8x13bold.c
Examining data/acedb-4.9.39+dfsg.02/wgd/io.h
Examining data/acedb-4.9.39+dfsg.02/wgd/libgd.c
Examining data/acedb-4.9.39+dfsg.02/wgd/mtables.c
Examining data/acedb-4.9.39+dfsg.02/wgd/mtables.h
Examining data/acedb-4.9.39+dfsg.02/wgnbk/gnbkclientlib.c
Examining data/acedb-4.9.39+dfsg.02/wgnbk/gnbkserver.c
Examining data/acedb-4.9.39+dfsg.02/wgnbk/rpcgnbk_sp.c
Examining data/acedb-4.9.39+dfsg.02/wgnbk/gnbk.c
Examining data/acedb-4.9.39+dfsg.02/wgnbk/gnbkclient.c
Examining data/acedb-4.9.39+dfsg.02/wh/a.h
Examining data/acedb-4.9.39+dfsg.02/wh/a_.h
Examining data/acedb-4.9.39+dfsg.02/wh/acache.h
Examining data/acedb-4.9.39+dfsg.02/wh/ace.h
Examining data/acedb-4.9.39+dfsg.02/wh/aceclient.h
Examining data/acedb-4.9.39+dfsg.02/wh/acedb.h
Examining data/acedb-4.9.39+dfsg.02/wh/acedbgraph.h
Examining data/acedb-4.9.39+dfsg.02/wh/aceio.h
Examining data/acedb-4.9.39+dfsg.02/wh/aceiotypes.h
Examining data/acedb-4.9.39+dfsg.02/wh/acelib.h
Examining data/acedb-4.9.39+dfsg.02/wh/acelib_.h
Examining data/acedb-4.9.39+dfsg.02/wh/acembly.h
Examining data/acedb-4.9.39+dfsg.02/wh/acethread.h
Examining data/acedb-4.9.39+dfsg.02/wh/acetypes.h
Examining data/acedb-4.9.39+dfsg.02/wh/aceversion.h
Examining data/acedb-4.9.39+dfsg.02/wh/action.h
Examining data/acedb-4.9.39+dfsg.02/wh/adisk.h
Examining data/acedb-4.9.39+dfsg.02/wh/alignment.h
Examining data/acedb-4.9.39+dfsg.02/wh/alignment_.h
Examining data/acedb-4.9.39+dfsg.02/wh/aligntools.h
Examining data/acedb-4.9.39+dfsg.02/wh/annot.h
Examining data/acedb-4.9.39+dfsg.02/wh/apputils.h
Examining data/acedb-4.9.39+dfsg.02/wh/aql.h
Examining data/acedb-4.9.39+dfsg.02/wh/array.h
Examining data/acedb-4.9.39+dfsg.02/wh/b_.h
Examining data/acedb-4.9.39+dfsg.02/wh/banner.h
Examining data/acedb-4.9.39+dfsg.02/wh/basecall.h
Examining data/acedb-4.9.39+dfsg.02/wh/basepad.h
Examining data/acedb-4.9.39+dfsg.02/wh/biblio.h
Examining data/acedb-4.9.39+dfsg.02/wh/bindex.h
Examining data/acedb-4.9.39+dfsg.02/wh/bitset.h
Examining data/acedb-4.9.39+dfsg.02/wh/block.h
Examining data/acedb-4.9.39+dfsg.02/wh/blxview.h
Examining data/acedb-4.9.39+dfsg.02/wh/bs.h
Examining data/acedb-4.9.39+dfsg.02/wh/bs_.h
Examining data/acedb-4.9.39+dfsg.02/wh/bstree.h
Examining data/acedb-4.9.39+dfsg.02/wh/bu.h
Examining data/acedb-4.9.39+dfsg.02/wh/bump.h
Examining data/acedb-4.9.39+dfsg.02/wh/bump_.h
Examining data/acedb-4.9.39+dfsg.02/wh/byteswap.h
Examining data/acedb-4.9.39+dfsg.02/wh/cache.h
Examining data/acedb-4.9.39+dfsg.02/wh/cache_.h
Examining data/acedb-4.9.39+dfsg.02/wh/cachedisp.h
Examining data/acedb-4.9.39+dfsg.02/wh/call.h
Examining data/acedb-4.9.39+dfsg.02/wh/cdna.h
Examining data/acedb-4.9.39+dfsg.02/wh/cdnainit.h
Examining data/acedb-4.9.39+dfsg.02/wh/check.h
Examining data/acedb-4.9.39+dfsg.02/wh/chrono.h
Examining data/acedb-4.9.39+dfsg.02/wh/chrono_.h
Examining data/acedb-4.9.39+dfsg.02/wh/client.h
Examining data/acedb-4.9.39+dfsg.02/wh/getopt.h
Examining data/acedb-4.9.39+dfsg.02/wh/colcontrol.h
Examining data/acedb-4.9.39+dfsg.02/wh/colcontrol_.h
Examining data/acedb-4.9.39+dfsg.02/wh/colours.h
Examining data/acedb-4.9.39+dfsg.02/wh/command.h
Examining data/acedb-4.9.39+dfsg.02/wh/ctf.h
Examining data/acedb-4.9.39+dfsg.02/wh/das.h
Examining data/acedb-4.9.39+dfsg.02/wh/dbidx.h
Examining data/acedb-4.9.39+dfsg.02/wh/dbpath.h
Examining data/acedb-4.9.39+dfsg.02/wh/dendrogram.h
Examining data/acedb-4.9.39+dfsg.02/wh/dict.h
Examining data/acedb-4.9.39+dfsg.02/wh/disk.h
Examining data/acedb-4.9.39+dfsg.02/wh/diskPart.h
Examining data/acedb-4.9.39+dfsg.02/wh/disk_.h
Examining data/acedb-4.9.39+dfsg.02/wh/disk__.h
Examining data/acedb-4.9.39+dfsg.02/wh/display.h
Examining data/acedb-4.9.39+dfsg.02/wh/dna.h
Examining data/acedb-4.9.39+dfsg.02/wh/dnaalign.h
Examining data/acedb-4.9.39+dfsg.02/wh/dotter.h
Examining data/acedb-4.9.39+dfsg.02/wh/dotter_.h
Examining data/acedb-4.9.39+dfsg.02/wh/dump.h
Examining data/acedb-4.9.39+dfsg.02/wh/embl.h
Examining data/acedb-4.9.39+dfsg.02/wh/fingerp.h
Examining data/acedb-4.9.39+dfsg.02/wh/flag.h
Examining data/acedb-4.9.39+dfsg.02/wh/fmap.h
Examining data/acedb-4.9.39+dfsg.02/wh/forest.h
Examining data/acedb-4.9.39+dfsg.02/wh/freeout.h
Examining data/acedb-4.9.39+dfsg.02/wh/gelmap.h
Examining data/acedb-4.9.39+dfsg.02/wh/genecurate.h
Examining data/acedb-4.9.39+dfsg.02/wh/gex.h
Examining data/acedb-4.9.39+dfsg.02/wh/gff.h
Examining data/acedb-4.9.39+dfsg.02/wh/gmap.h
Examining data/acedb-4.9.39+dfsg.02/wh/gnbk.h
Examining data/acedb-4.9.39+dfsg.02/wh/graph.h
Examining data/acedb-4.9.39+dfsg.02/wh/graphAcedbInterface.h
Examining data/acedb-4.9.39+dfsg.02/wh/graphimage.h
Examining data/acedb-4.9.39+dfsg.02/wh/grid.h
Examining data/acedb-4.9.39+dfsg.02/wh/heap.h
Examining data/acedb-4.9.39+dfsg.02/wh/help.h
Examining data/acedb-4.9.39+dfsg.02/wh/help_.h
Examining data/acedb-4.9.39+dfsg.02/wh/html.h
Examining data/acedb-4.9.39+dfsg.02/wh/idcurate.h
Examining data/acedb-4.9.39+dfsg.02/wh/igdevent.h
Examining data/acedb-4.9.39+dfsg.02/wh/interval.h
Examining data/acedb-4.9.39+dfsg.02/wh/iupac.h
Examining data/acedb-4.9.39+dfsg.02/wh/java.h
Examining data/acedb-4.9.39+dfsg.02/wh/key.h
Examining data/acedb-4.9.39+dfsg.02/wh/keyset.h
Examining data/acedb-4.9.39+dfsg.02/wh/keysetdisp.h
Examining data/acedb-4.9.39+dfsg.02/wh/layoutdisp.h
Examining data/acedb-4.9.39+dfsg.02/wh/lex.h
Examining data/acedb-4.9.39+dfsg.02/wh/lex_bl_.h
Examining data/acedb-4.9.39+dfsg.02/wh/lex_sess_.h
Examining data/acedb-4.9.39+dfsg.02/wh/liste.h
Examining data/acedb-4.9.39+dfsg.02/wh/log.h
Examining data/acedb-4.9.39+dfsg.02/wh/longtext.h
Examining data/acedb-4.9.39+dfsg.02/wh/main.h
Examining data/acedb-4.9.39+dfsg.02/wh/map.h
Examining data/acedb-4.9.39+dfsg.02/wh/matchtable.h
Examining data/acedb-4.9.39+dfsg.02/wh/menu.h
Examining data/acedb-4.9.39+dfsg.02/wh/menu_.h
Examining data/acedb-4.9.39+dfsg.02/wh/method.h
Examining data/acedb-4.9.39+dfsg.02/wh/methodcache.h
Examining data/acedb-4.9.39+dfsg.02/wh/model.h
Examining data/acedb-4.9.39+dfsg.02/wh/myNetwork.h
Examining data/acedb-4.9.39+dfsg.02/wh/mydirent.h
Examining data/acedb-4.9.39+dfsg.02/wh/mystdlib.h
Examining data/acedb-4.9.39+dfsg.02/wh/mytime.h
Examining data/acedb-4.9.39+dfsg.02/wh/nace.h
Examining data/acedb-4.9.39+dfsg.02/wh/nace_com.h
Examining data/acedb-4.9.39+dfsg.02/wh/nqc.h
Examining data/acedb-4.9.39+dfsg.02/wh/opp.h
Examining data/acedb-4.9.39+dfsg.02/wh/oxgrid.h
Examining data/acedb-4.9.39+dfsg.02/wh/parse.h
Examining data/acedb-4.9.39+dfsg.02/wh/pepdisp.h
Examining data/acedb-4.9.39+dfsg.02/wh/pepgifcommand.h
Examining data/acedb-4.9.39+dfsg.02/wh/peptide.h
Examining data/acedb-4.9.39+dfsg.02/wh/pick.h
Examining data/acedb-4.9.39+dfsg.02/wh/plot.h
Examining data/acedb-4.9.39+dfsg.02/wh/pmap.h
Examining data/acedb-4.9.39+dfsg.02/wh/pmap_.h
Examining data/acedb-4.9.39+dfsg.02/wh/pref.h
Examining data/acedb-4.9.39+dfsg.02/wh/pref_.h
Examining data/acedb-4.9.39+dfsg.02/wh/qbe.h
Examining data/acedb-4.9.39+dfsg.02/wh/query.h
Examining data/acedb-4.9.39+dfsg.02/wh/query_.h
Examining data/acedb-4.9.39+dfsg.02/wh/querydisp.h
Examining data/acedb-4.9.39+dfsg.02/wh/readseq.h
Examining data/acedb-4.9.39+dfsg.02/wh/regular.h
Examining data/acedb-4.9.39+dfsg.02/wh/restriction.h
Examining data/acedb-4.9.39+dfsg.02/wh/saucisse.h
Examining data/acedb-4.9.39+dfsg.02/wh/session.h
Examining data/acedb-4.9.39+dfsg.02/wh/session_.h
Examining data/acedb-4.9.39+dfsg.02/wh/sessiondisp.h
Examining data/acedb-4.9.39+dfsg.02/wh/sigsubs.h
Examining data/acedb-4.9.39+dfsg.02/wh/smap.h
Examining data/acedb-4.9.39+dfsg.02/wh/smapconvert.h
Examining data/acedb-4.9.39+dfsg.02/wh/spread.h
Examining data/acedb-4.9.39+dfsg.02/wh/spread_.h
Examining data/acedb-4.9.39+dfsg.02/wh/status.h
Examining data/acedb-4.9.39+dfsg.02/wh/statusdisp.h
Examining data/acedb-4.9.39+dfsg.02/wh/strsubs.h
Examining data/acedb-4.9.39+dfsg.02/wh/table.h
Examining data/acedb-4.9.39+dfsg.02/wh/tabledisp.h
Examining data/acedb-4.9.39+dfsg.02/wh/topology.h
Examining data/acedb-4.9.39+dfsg.02/wh/tq_.h
Examining data/acedb-4.9.39+dfsg.02/wh/tree.h
Examining data/acedb-4.9.39+dfsg.02/wh/update.h
Examining data/acedb-4.9.39+dfsg.02/wh/utils.h
Examining data/acedb-4.9.39+dfsg.02/wh/version.h
Examining data/acedb-4.9.39+dfsg.02/wh/vmap.h
Examining data/acedb-4.9.39+dfsg.02/wh/vtxt.h
Examining data/acedb-4.9.39+dfsg.02/wh/xclient.h
Examining data/acedb-4.9.39+dfsg.02/whooks/class.c
Examining data/acedb-4.9.39+dfsg.02/whooks/classes.h
Examining data/acedb-4.9.39+dfsg.02/whooks/quovadis.c
Examining data/acedb-4.9.39+dfsg.02/whooks/sysclass.c
Examining data/acedb-4.9.39+dfsg.02/whooks/sysclass.h
Examining data/acedb-4.9.39+dfsg.02/whooks/systags.h
Examining data/acedb-4.9.39+dfsg.02/whooks/tags.c
Examining data/acedb-4.9.39+dfsg.02/whooks/tags.h
Examining data/acedb-4.9.39+dfsg.02/win32/startace.c
Examining data/acedb-4.9.39+dfsg.02/win32/winaceshell.c
Examining data/acedb-4.9.39+dfsg.02/wjo/o2m.c
Examining data/acedb-4.9.39+dfsg.02/wjo/oxgriddisp.c
Examining data/acedb-4.9.39+dfsg.02/wjo/oxhomlist.c
Examining data/acedb-4.9.39+dfsg.02/wjo/pairmapdisp.c
Examining data/acedb-4.9.39+dfsg.02/wjo/specg.c
Examining data/acedb-4.9.39+dfsg.02/wmd5/digcalc.c
Examining data/acedb-4.9.39+dfsg.02/wmd5/digcalc.h
Examining data/acedb-4.9.39+dfsg.02/wmd5/digtest.c
Examining data/acedb-4.9.39+dfsg.02/wmd5/global.h
Examining data/acedb-4.9.39+dfsg.02/wmd5/md5.h
Examining data/acedb-4.9.39+dfsg.02/wmd5/md5c.c
Examining data/acedb-4.9.39+dfsg.02/wmd5/mddriver.c
Examining data/acedb-4.9.39+dfsg.02/wnq/acelib.c
Examining data/acedb-4.9.39+dfsg.02/wnq/acelibtest.c
Examining data/acedb-4.9.39+dfsg.02/wnq/aceversion.c
Examining data/acedb-4.9.39+dfsg.02/wnq/bindex.c
Examining data/acedb-4.9.39+dfsg.02/wnq/flag.c
Examining data/acedb-4.9.39+dfsg.02/wnq/table.c
Examining data/acedb-4.9.39+dfsg.02/wnq/tagcount.c
Examining data/acedb-4.9.39+dfsg.02/wrpc/aceclient.c
Examining data/acedb-4.9.39+dfsg.02/wrpc/aceclientlib.c
Examining data/acedb-4.9.39+dfsg.02/wrpc/aceserver.c
Examining data/acedb-4.9.39+dfsg.02/wrpc/acesyb.c
Examining data/acedb-4.9.39+dfsg.02/wrpc/acesybase.c
Examining data/acedb-4.9.39+dfsg.02/wrpc/jade2ace.c
Examining data/acedb-4.9.39+dfsg.02/wrpc/jade2sybase.c
Examining data/acedb-4.9.39+dfsg.02/wrpc/jadeserver.c
Examining data/acedb-4.9.39+dfsg.02/wrpc/rpcace_sp.c
Examining data/acedb-4.9.39+dfsg.02/wrpc/test.client.c
Examining data/acedb-4.9.39+dfsg.02/wrpc/test.server.c
Examining data/acedb-4.9.39+dfsg.02/wrpc/xclient.c
Examining data/acedb-4.9.39+dfsg.02/wsocket/acesocket.c
Examining data/acedb-4.9.39+dfsg.02/wsocket/acesocket_.h
Examining data/acedb-4.9.39+dfsg.02/wsocket/acesocketlib.c
Examining data/acedb-4.9.39+dfsg.02/wsocket/saceclient.c
Examining data/acedb-4.9.39+dfsg.02/wsocket/saceclient_.h
Examining data/acedb-4.9.39+dfsg.02/wsocket/sclient.c
Examining data/acedb-4.9.39+dfsg.02/wsocket/sclientlib.c
Examining data/acedb-4.9.39+dfsg.02/wsocket/sclientlib.h
Examining data/acedb-4.9.39+dfsg.02/wsocket/serverace.c
Examining data/acedb-4.9.39+dfsg.02/wsocket/serverace_.h
Examining data/acedb-4.9.39+dfsg.02/wsocket/serveracepasswd.c
Examining data/acedb-4.9.39+dfsg.02/wsocket/serverclientutils.c
Examining data/acedb-4.9.39+dfsg.02/wsocket/serverclientutils.h
Examining data/acedb-4.9.39+dfsg.02/wsocket/servertransport.h
Examining data/acedb-4.9.39+dfsg.02/wsocket/sxclient.c
Examining data/acedb-4.9.39+dfsg.02/wstaden/Read.c
Examining data/acedb-4.9.39+dfsg.02/wstaden/Read.h
Examining data/acedb-4.9.39+dfsg.02/wstaden/abi.h
Examining data/acedb-4.9.39+dfsg.02/wstaden/alf.h
Examining data/acedb-4.9.39+dfsg.02/wstaden/ctf2scf.c
Examining data/acedb-4.9.39+dfsg.02/wstaden/ctfCompress.c
Examining data/acedb-4.9.39+dfsg.02/wstaden/dnaacecode.c
Examining data/acedb-4.9.39+dfsg.02/wstaden/dummy.c
Examining data/acedb-4.9.39+dfsg.02/wstaden/dummy.h
Examining data/acedb-4.9.39+dfsg.02/wstaden/error.c
Examining data/acedb-4.9.39+dfsg.02/wstaden/error.h
Examining data/acedb-4.9.39+dfsg.02/wstaden/expFileIO.c
Examining data/acedb-4.9.39+dfsg.02/wstaden/expFileIO.h
Examining data/acedb-4.9.39+dfsg.02/wstaden/filecompress.c
Examining data/acedb-4.9.39+dfsg.02/wstaden/filecompress.h
Examining data/acedb-4.9.39+dfsg.02/wstaden/files.c
Examining data/acedb-4.9.39+dfsg.02/wstaden/find.c
Examining data/acedb-4.9.39+dfsg.02/wstaden/fpoint.c
Examining data/acedb-4.9.39+dfsg.02/wstaden/fpoint.h
Examining data/acedb-4.9.39+dfsg.02/wstaden/mach-io.c
Examining data/acedb-4.9.39+dfsg.02/wstaden/mach-io.h
Examining data/acedb-4.9.39+dfsg.02/wstaden/makeSCF.c
Examining data/acedb-4.9.39+dfsg.02/wstaden/misc.h
Examining data/acedb-4.9.39+dfsg.02/wstaden/misc_scf.c
Examining data/acedb-4.9.39+dfsg.02/wstaden/os.h
Examining data/acedb-4.9.39+dfsg.02/wstaden/plain.h
Examining data/acedb-4.9.39+dfsg.02/wstaden/read_alloc.c
Examining data/acedb-4.9.39+dfsg.02/wstaden/read_scf.c
Examining data/acedb-4.9.39+dfsg.02/wstaden/scf.h
Examining data/acedb-4.9.39+dfsg.02/wstaden/scf2ctf.c
Examining data/acedb-4.9.39+dfsg.02/wstaden/seqIOABI.c
Examining data/acedb-4.9.39+dfsg.02/wstaden/seqIOABI.h
Examining data/acedb-4.9.39+dfsg.02/wstaden/seqIOALF.c
Examining data/acedb-4.9.39+dfsg.02/wstaden/seqIOCTF.c
Examining data/acedb-4.9.39+dfsg.02/wstaden/seqIOCTF.h
Examining data/acedb-4.9.39+dfsg.02/wstaden/seqIOPlain.c
Examining data/acedb-4.9.39+dfsg.02/wstaden/st_translate.c
Examining data/acedb-4.9.39+dfsg.02/wstaden/stadenarray.c
Examining data/acedb-4.9.39+dfsg.02/wstaden/stadenarray.h
Examining data/acedb-4.9.39+dfsg.02/wstaden/stadentranslate.h
Examining data/acedb-4.9.39+dfsg.02/wstaden/traceType.c
Examining data/acedb-4.9.39+dfsg.02/wstaden/traceType.h
Examining data/acedb-4.9.39+dfsg.02/wstaden/write_scf.c
Examining data/acedb-4.9.39+dfsg.02/wstaden/xalloc.c
Examining data/acedb-4.9.39+dfsg.02/wstaden/xalloc.h
Examining data/acedb-4.9.39+dfsg.02/wtools/split.c
Examining data/acedb-4.9.39+dfsg.02/wzmap/seqregion.c
Examining data/acedb-4.9.39+dfsg.02/wzmap/seqregion.h
Examining data/acedb-4.9.39+dfsg.02/wzmap/stringbucket.c
Examining data/acedb-4.9.39+dfsg.02/wzmap/stringbucket.h
Examining data/acedb-4.9.39+dfsg.02/wzmap/zmap.h
Examining data/acedb-4.9.39+dfsg.02/wzmap/zmapWindow.c
Examining data/acedb-4.9.39+dfsg.02/wzmap/zmapWindowButtons.c
Examining data/acedb-4.9.39+dfsg.02/wzmap/zmapWindowFrame.c
Examining data/acedb-4.9.39+dfsg.02/wzmap/zmapWindow_P.h
Examining data/acedb-4.9.39+dfsg.02/wzmap/zmapWindowmenubar.c
Examining data/acedb-4.9.39+dfsg.02/wzmap/zmapbccol.c
Examining data/acedb-4.9.39+dfsg.02/wzmap/zmapcalls.c
Examining data/acedb-4.9.39+dfsg.02/wzmap/zmapcalls.h
Examining data/acedb-4.9.39+dfsg.02/wzmap/zmapcols.c
Examining data/acedb-4.9.39+dfsg.02/wzmap/zmapcommon.h
Examining data/acedb-4.9.39+dfsg.02/wzmap/zmapcontrol.c
Examining data/acedb-4.9.39+dfsg.02/wzmap/zmapcontrol.h
Examining data/acedb-4.9.39+dfsg.02/wzmap/zmapmain.c
Examining data/acedb-4.9.39+dfsg.02/wzmap/zmapsequence.c
Examining data/acedb-4.9.39+dfsg.02/wzmap/zmapsplit.c
Examining data/acedb-4.9.39+dfsg.02/wzmap/zmapsplit.h
FINAL RESULTS:
data/acedb-4.9.39+dfsg.02/w4/logsubs.c:264:17: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
else if (chmod (dbPathMakeFilName("database", "oldlogs", 0, handle), 0755) == -1)
data/acedb-4.9.39+dfsg.02/w4/session.c:3600:7: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
if (chmod (readlock_dir, 0777) == -1)
data/acedb-4.9.39+dfsg.02/w4/session.c:3681:7: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
if (chmod (readlock_filename, 0666) == -1)
data/acedb-4.9.39+dfsg.02/w1/acein.c:269:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (path, "%s%s%s", directory, SUBDIR_DELIMITER_STR, filename);
data/acedb-4.9.39+dfsg.02/w1/acein.c:298:9: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
fil = popen((const char*)command, spec); /* will be closed in
data/acedb-4.9.39+dfsg.02/w1/acein.c:511:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fi->stream[fi->streamlevel].prompt, options[0].text);
data/acedb-4.9.39+dfsg.02/w1/acein.c:633:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (fi->stream[fi->streamlevel].special, text) ;
data/acedb-4.9.39+dfsg.02/w1/acein.c:829:7: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system ((char*)fi->pos) ;
data/acedb-4.9.39+dfsg.02/w1/acein.c:1614:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (arrp(a, 0, char), text) ;
data/acedb-4.9.39+dfsg.02/w1/acein.c:1899:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (fi->stream[fi->streamlevel].special, fi->stream[fi->streamlevel-1].special) ;
data/acedb-4.9.39+dfsg.02/w1/acein.c:2160:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (args, " -p %s", filename);
data/acedb-4.9.39+dfsg.02/w1/acein.c:2167:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (args, " -dc %s", filename);
data/acedb-4.9.39+dfsg.02/w1/acein.c:2171:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (args, " -c %s", filename);
data/acedb-4.9.39+dfsg.02/w1/acein.c:2177:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (args, " -dc %s", filename);
data/acedb-4.9.39+dfsg.02/w1/acein.c:2181:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (args, " -c %s", filename);
data/acedb-4.9.39+dfsg.02/w1/acein.c:2186:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (args, " %s", filename);
data/acedb-4.9.39+dfsg.02/w1/aceout.c:187:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fo->filename, "mailto:%s", address);
data/acedb-4.9.39+dfsg.02/w1/aceout.c:202:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (fo->filename, directory);
data/acedb-4.9.39+dfsg.02/w1/aceout.c:203:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (fo->filename, SUBDIR_DELIMITER_STR);
data/acedb-4.9.39+dfsg.02/w1/aceout.c:204:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (fo->filename, filename);
data/acedb-4.9.39+dfsg.02/w1/aceout.c:208:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (fo->filename, extension);
data/acedb-4.9.39+dfsg.02/w1/aceout.c:229:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fo->filename, "mailto:%s", address);
data/acedb-4.9.39+dfsg.02/w1/call.c:159:8: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
nn = system (buildCommand (s, dir, script, args)) ;
data/acedb-4.9.39+dfsg.02/w1/call.c:181:10: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
pipe = popen (command, "r" ) ;
data/acedb-4.9.39+dfsg.02/w1/dict.c:325:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (dVoc->base + dVoc->curr, s) ;
data/acedb-4.9.39+dfsg.02/w1/filsubs.c:248:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (path_copy, path);
data/acedb-4.9.39+dfsg.02/w1/filsubs.c:279:11: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access (name, F_OK) == 0)
data/acedb-4.9.39+dfsg.02/w1/filsubs.c:292:11: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access (name, R_OK) == 0)
data/acedb-4.9.39+dfsg.02/w1/filsubs.c:305:11: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access (name, W_OK) == 0) /* requires file exists */
data/acedb-4.9.39+dfsg.02/w1/filsubs.c:327:11: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
return !(access (".", W_OK)) ;
data/acedb-4.9.39+dfsg.02/w1/filsubs.c:330:15: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
result = !(access (name, W_OK)) ;
data/acedb-4.9.39+dfsg.02/w1/filsubs.c:335:15: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
return (access (name, X_OK) == 0) ;
data/acedb-4.9.39+dfsg.02/w1/filsubs.c:353:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(posix, name);
data/acedb-4.9.39+dfsg.02/w1/filsubs.c:604:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(realname, nam);
data/acedb-4.9.39+dfsg.02/w1/filsubs.c:606:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(realname, suffix);
data/acedb-4.9.39+dfsg.02/w1/filsubs.c:827:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (entryPathName, dirName) ;
data/acedb-4.9.39+dfsg.02/w1/filsubs.c:839:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (leaf, dName) ;
data/acedb-4.9.39+dfsg.02/w1/freeout.c:219:9: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
len = vsprintf (message, format, ap) ;
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:156:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (stream[streamlevel].special, text) ;
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:187:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf (!currfil ? "From text >" : "From file >") ;
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:313:7: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system ((char*)pos) ;
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:433:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (stream[streamlevel].special, stream[streamlevel-1].special) ;
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:1388:8: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (cq, array(translations, i, ARRAYTYPE).protect) ;
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:205:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename, "%s/%s.html",
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:213:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename, "%s/%s.shtml",
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:237:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename, "%s%s%s.%s",
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:261:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename, "%s%s%s.%s",
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:291:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename, "%s%s%s",
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:370:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (link_path, link);
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:377:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (link_path, helpGetDir());
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:378:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (link_path, SUBDIR_DELIMITER_STR);
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:379:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (link_path, link);
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:388:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (link_path, helpGetDir());
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:389:8: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (link_path, SUBDIR_DELIMITER_STR);
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:390:8: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (link_path, filDirEntry(dirs, i++));
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:391:8: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (link_path, SUBDIR_DELIMITER_STR);
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:392:8: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (link_path, link);
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:531:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (cp, s+2) ;
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:567:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (text,
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:621:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cp, "<LI><A HREF=%s.%s>%s</A>\n",
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:685:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (s+1, s+5) ;
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:690:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (s+1, s+5) ;
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:695:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (s+1, s+5) ;
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:700:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (s+1, s+5) ;
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:705:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (s+1, s+6) ;
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:710:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (s+1, s+5) ;
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:715:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (s+1, s+4) ;
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:720:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (s+1, s+4) ;
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:725:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (s+1, s+6) ;
data/acedb-4.9.39+dfsg.02/w1/memsubs.c:186:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (sprintf(&(buffer[0]),
data/acedb-4.9.39+dfsg.02/w1/memsubs.c:255:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(result, old);
data/acedb-4.9.39+dfsg.02/w1/messubs.c:500:8: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
rc = sprintf(prefix, CRASH_PREFIX, getErrorPrefix(), getErrorFile(), getErrorLine()) ;
data/acedb-4.9.39+dfsg.02/w1/timesubs.c:750:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (buf, messprintf ("%d", ddiff)) ;
data/acedb-4.9.39+dfsg.02/w1/timesubs.c:753:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (buf, messprintf ("%d_", ddiff)) ;
data/acedb-4.9.39+dfsg.02/w1/timesubs.c:754:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (buf, messprintf ("%02d:%02d", hdiff, mindiff)) ;
data/acedb-4.9.39+dfsg.02/w1/timesubs.c:756:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (buf, messprintf (":%02d", sdiff)) ;
data/acedb-4.9.39+dfsg.02/w1/timesubs.c:763:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (buf, messprintf ("%d-%02d-0", ydiff, mdiff)) ;
data/acedb-4.9.39+dfsg.02/w1/timesubs.c:765:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (buf, messprintf ("%d-0", mdiff)) ;
data/acedb-4.9.39+dfsg.02/w1/utils.c:151:6: [4] (misc) getlogin:
It's often easy to fool getlogin. Sometimes it does not work at all,
because some program messed up the utmp file. Often, it gives only the
first 8 characters of the login name. The user currently logged in on the
controlling tty of our program need not be the user who started it. Avoid
getlogin() for security-related purposes (CWE-807). Use getpwuid(geteuid())
and extract the desired information instead.
if (getlogin())
data/acedb-4.9.39+dfsg.02/w1/utils.c:152:19: [4] (misc) getlogin:
It's often easy to fool getlogin. Sometimes it does not work at all,
because some program messed up the utmp file. Often, it gives only the
first 8 characters of the login name. The user currently logged in on the
controlling tty of our program need not be the user who started it. Avoid
getlogin() for security-related purposes (CWE-807). Use getpwuid(geteuid())
and extract the desired information instead.
rname = strnew(getlogin(), 0) ;
data/acedb-4.9.39+dfsg.02/w1/vtxt.c:308:9: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
len = vsprintf(cp, format, ap) ;
data/acedb-4.9.39+dfsg.02/w2/colcontrol.c:595:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(instance->name, name);
data/acedb-4.9.39+dfsg.02/w2/colcontrol.c:1676:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (map->cursor.text, messprintf ("%.*f", map->cursor.resolution, z)) ;
data/acedb-4.9.39+dfsg.02/w2/colcontrol.c:1801:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (map->cursor.text,
data/acedb-4.9.39+dfsg.02/w2/filquery.c:175:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (dirName, cp);
data/acedb-4.9.39+dfsg.02/w2/filquery.c:235:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (cp, cq) ;
data/acedb-4.9.39+dfsg.02/w2/filquery.c:277:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(fileName, endName) ;
data/acedb-4.9.39+dfsg.02/w2/filquery.c:304:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fileName, filDirEntry(dirList, 0)) ;
data/acedb-4.9.39+dfsg.02/w2/filquery.c:325:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (cp, cq) ;
data/acedb-4.9.39+dfsg.02/w2/filquery.c:352:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (tempName, arr(boxes, k, char*)) ;
data/acedb-4.9.39+dfsg.02/w2/filquery.c:356:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
{ strcpy (fileName, tempName) ;
data/acedb-4.9.39+dfsg.02/w2/filquery.c:375:8: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(dirName, tempName) ;
data/acedb-4.9.39+dfsg.02/w2/filquery.c:389:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (tempName, arr(boxes,k,char*)) ;
data/acedb-4.9.39+dfsg.02/w2/filquery.c:392:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
{ strcpy (fileName, tempName);
data/acedb-4.9.39+dfsg.02/w2/filquery.c:469:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (dirName, getenv("PWD")) ;
data/acedb-4.9.39+dfsg.02/w2/filquery.c:471:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (dirName, path) ;
data/acedb-4.9.39+dfsg.02/w2/filquery.c:515:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
{ strcpy (path, dirName) ;
data/acedb-4.9.39+dfsg.02/w2/filquery.c:525:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (path, fileName) ;
data/acedb-4.9.39+dfsg.02/w2/filquery.c:528:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (path, endName) ;
data/acedb-4.9.39+dfsg.02/w2/gex.c:725:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(selectedPath, fileName);
data/acedb-4.9.39+dfsg.02/w2/gex.c:731:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(types_buff, "%s Files (*.%s)\01*.%s\01"
data/acedb-4.9.39+dfsg.02/w2/gex.c:773:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fileName, selectedPath+ofn.nFileOffset);
data/acedb-4.9.39+dfsg.02/w2/gex.c:775:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(path, "%s%s%s",
data/acedb-4.9.39+dfsg.02/w2/gex.c:804:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fileName, &fname[i]);
data/acedb-4.9.39+dfsg.02/w2/gex.c:944:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(path, "%s%s%s",
data/acedb-4.9.39+dfsg.02/w2/gex.c:2259:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(file_name, "%s.%d.%s",
data/acedb-4.9.39+dfsg.02/w2/gex.c:2355:7: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(messprintf("lpr -P%s %s", printer, tmpFileName));
data/acedb-4.9.39+dfsg.02/w2/gex.c:2363:4: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(messprintf("cat %s | Mail -s \"%s\" %s",
data/acedb-4.9.39+dfsg.02/w2/gex.c:2374:7: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(messprintf("cp %s %s", tmpFileName, target));
data/acedb-4.9.39+dfsg.02/w2/gexhelp.c:410:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (dname, helpGetDir());
data/acedb-4.9.39+dfsg.02/w2/gexhelp.c:420:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(helpFilename, "%s%s%s",
data/acedb-4.9.39+dfsg.02/w2/graphascii.c:309:11: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (system (stackText(pc, 0)))
data/acedb-4.9.39+dfsg.02/w2/graphascii.c:317:9: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (system (messprintf ("Mail -s \"%s\" %s < %s",
data/acedb-4.9.39+dfsg.02/w2/graphcon.c:1874:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(text2,label);
data/acedb-4.9.39+dfsg.02/w2/graphgdkremote.c:285:17: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
result = (system(messprintf("open %s &", orig_link)) == 0) ;
data/acedb-4.9.39+dfsg.02/w2/graphgdkremote.c:345:10: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
return (system(messprintf("netscape %s &", link)) == 0);
data/acedb-4.9.39+dfsg.02/w2/graphgdkremote.c:362:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(rec->command, "openFILE(%s)", link);
data/acedb-4.9.39+dfsg.02/w2/graphgdkremote.c:364:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(rec->command, "openURL(%s)", link);
data/acedb-4.9.39+dfsg.02/w2/graphgdkremote.c:485:3: [4] (shell) ShellExecute:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
ShellExecute(0, "open", winname, 0, 0, 0);
data/acedb-4.9.39+dfsg.02/w2/graphgtk.c:1399:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ptr, selection_string);
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:199:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (pd->printerBuffer, arr(pd->printers, 0, char*)) ;
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:202:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (pd->printerBuffer, "lpr -P%s",
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:245:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (pd->scaleText, messprintf ("%5.3f", pd->scale)) ;
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:305:12: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (system(stackText(s, 0)))
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:493:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (pd->copyBuffer, "%s/%s.%s", pd->dirBuffer, pd->filBuffer, ending) ;
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:533:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (pd->dirBuffer, input) ;
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:538:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (pd->filBuffer, ++cp) ; /* save the name */
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:551:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (c2, c1) ; /* put both together */
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:559:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (c1, c2) ;
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:563:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (pd->dirBuffer, c1) ;
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:571:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (c1, c2) ;
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:606:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (pd->copyBuffer, "%s%s.%s",
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:609:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (pd->copyBuffer, "%s/%s.%s",
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:647:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (arr(pl, n, char*), cp) ;
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:961:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (pd->copyBuffer, "%s/%s.%s",
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:973:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (pd->copyBuffer, "%s/%s.%s",
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:1052:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (pd->scaleText, messprintf ("%5.3f", pd->scale)) ;
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:1121:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (result->mailerBuffer, getLogin(TRUE));
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:1148:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (result->printerBuffer, arr(result->printers, 0, char*)) ;
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:1150:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (result->printerBuffer, "lpr -P%s",
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:1159:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (result->dirBuffer, cp = filGetName ("PS", "", "wd", 0)) ;
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:1163:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (result->dirBuffer, getenv("PWD")) ;
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:1194:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (fb, (cp = graphHelp(0)) ? cp : "acedb" ) ;
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:1259:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (fb, messprintf(".%d", nn++)) ;
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:1260:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (lastPd->filBuffer, fb) ;
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:1276:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (lastPd->copyBuffer, "%s/%s.%s", lastPd->dirBuffer, lastPd->filBuffer, ending) ;
data/acedb-4.9.39+dfsg.02/w2/graphsub.c:2535:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(o[i].text, options[i].text);
data/acedb-4.9.39+dfsg.02/w2/graphsub.c:2617:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(o[i].text, options[i].text);
data/acedb-4.9.39+dfsg.02/w2/graphtest.c:153:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (prompt,freeword()) ;
data/acedb-4.9.39+dfsg.02/w2/viewedit.c:145:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, namein);
data/acedb-4.9.39+dfsg.02/w2/viewedit.c:414:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(view->buffer, instance->name);
data/acedb-4.9.39+dfsg.02/w2/xremotemain.c:191:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (display_str, getenv("DISPLAY"));
data/acedb-4.9.39+dfsg.02/w2/xremotemain.c:199:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (display_str, argv[i+1]);
data/acedb-4.9.39+dfsg.02/w2/xremotemain.c:286:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (commands[remoteArgNum-1], argv[i]);
data/acedb-4.9.39+dfsg.02/w4/command.c:1228:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (dumpDir, cp = filGetName(dumpDir, "", "rd", 0));
data/acedb-4.9.39+dfsg.02/w4/command.c:1248:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (dumpDir, cp);
data/acedb-4.9.39+dfsg.02/w4/command.c:1272:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (dumpDir, SUBDIR_DELIMITER_STR);
data/acedb-4.9.39+dfsg.02/w4/commandmenu.c:527:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(&(prev_word[0]), word) ;
data/acedb-4.9.39+dfsg.02/w4/dump.c:476:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (date, timeShow (timeParse ("today"))) ;
data/acedb-4.9.39+dfsg.02/w4/dump.c:479:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (name, DUMPNAME_CLASS, dumpDir, date, letter, classname, nn) ;
data/acedb-4.9.39+dfsg.02/w4/dump.c:481:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (name, DUMPNAME, dumpDir, date, letter, nn) ;
data/acedb-4.9.39+dfsg.02/w4/dump.c:486:6: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (name, DUMPNAME_CLASS, dumpDir, date, letter, classname, nn) ;
data/acedb-4.9.39+dfsg.02/w4/dump.c:488:6: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (name, DUMPNAME, dumpDir, date, letter, nn) ;
data/acedb-4.9.39+dfsg.02/w4/dump.c:493:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (name, DUMPNAME_CLASS, dumpDir, date, letter, classname, nn) ;
data/acedb-4.9.39+dfsg.02/w4/dump.c:495:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (name, DUMPNAME, dumpDir, date, letter, nn);
data/acedb-4.9.39+dfsg.02/w4/dump.c:535:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (directory, dumpDir);
data/acedb-4.9.39+dfsg.02/w4/dump.c:622:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (!strcpy(dirSelection, dirname))
data/acedb-4.9.39+dfsg.02/w4/dump.c:632:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fileSelection, DUMPALLNAME_REGEXP) ;
data/acedb-4.9.39+dfsg.02/w4/dump.c:873:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (dumpDir, dir) ;
data/acedb-4.9.39+dfsg.02/w4/dump.c:1007:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (dumpDir,"%s/", directory);
data/acedb-4.9.39+dfsg.02/w4/gifcommand.c:374:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (fileName, fp);
data/acedb-4.9.39+dfsg.02/w4/gifcommand.c:427:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (fileName, fp);
data/acedb-4.9.39+dfsg.02/w4/logsubs.c:291:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(logFileBackupName, "%s-%s", old_logname, timeShow(timeNow()));
data/acedb-4.9.39+dfsg.02/w4/logsubs.c:293:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(logFileBackupName, "%s", old_logname) ;
data/acedb-4.9.39+dfsg.02/w4/mainpick.c:1457:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mainPick->template, pickFirstTemplate);
data/acedb-4.9.39+dfsg.02/w4/mainpick.c:1579:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (mainPick->grepText, mainPick->template) ;
data/acedb-4.9.39+dfsg.02/w4/mainpick.c:1583:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (mainPick->grepText, mainPick->template) ;
data/acedb-4.9.39+dfsg.02/w4/mainpick.c:1589:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (mainPick->grepText, mainPick->template) ;
data/acedb-4.9.39+dfsg.02/w4/mainpick.c:1729:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mainPick->template, pickFirstTemplate);
data/acedb-4.9.39+dfsg.02/w4/model.c:430:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "?%s",className(bs->key)) ;
data/acedb-4.9.39+dfsg.02/w4/model.c:434:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "#%s",className(bs->key)) ;
data/acedb-4.9.39+dfsg.02/w4/model.c:453:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
{ sprintf(buf, "?%s",cp + 1) ;
data/acedb-4.9.39+dfsg.02/w4/model.c:494:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
{ sprintf(buf, "?%s",className(one->key)) ;
data/acedb-4.9.39+dfsg.02/w4/parse.c:446:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (pdisp->dirSelection, getenv("ACEDB_DATA")) ;
data/acedb-4.9.39+dfsg.02/w4/parse.c:448:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (pdisp->dirSelection,
data/acedb-4.9.39+dfsg.02/w4/parse.c:451:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (pdisp->dirSelection, dbPathMakeFilName("", "", "", handle));
data/acedb-4.9.39+dfsg.02/w4/parse.c:1996:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (pdisp->itemText,
data/acedb-4.9.39+dfsg.02/w4/parse.c:2062:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pdisp->nparsedText, messprintf("%d", pf->nob)) ;
data/acedb-4.9.39+dfsg.02/w4/parse.c:2063:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pdisp->nokText, messprintf("%d", pf->nok)) ;
data/acedb-4.9.39+dfsg.02/w4/parse.c:2064:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pdisp->nerrorText, messprintf("%d", pf->nerr)) ;
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:294:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(namebuff+1, item->name);
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:295:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(valbuff, item->value.bval ? "T" : "F");
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:300:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(namebuff+1, item->name);
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:306:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(namebuff+1, item->name);
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:312:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(namebuff+1, item->name);
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:347:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(filename,getenv("HOME"));
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:382:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(filename,getenv("HOME"));
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:465:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(item.name, SPLASH_SCREEN) ;
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:525:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(item.name, BLIXEM_SCOPE);
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:534:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(item.name, BLIXEM_HOMOL_MAX);
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:544:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(item.name, BLIXEM_EXTERNAL);
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:555:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(item.name, BLIXEM_SCRIPT);
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:566:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(item.name, BLIXEM_TEMPFILES);
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:577:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(item.name, BLIXEM_PFETCH) ;
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:587:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(item.name, BLIXEM_NETID);
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:598:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(item.name, BLIXEM_PORT_NUMBER);
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:609:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(item.name, USE_MSG_LIST);
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:618:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(item.name, MAX_MSG_LIST_LENGTH) ;
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:627:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(item.name, DNA_HIGHLIGHT_IN_FMAP_DISPLAY);
data/acedb-4.9.39+dfsg.02/w4/queryexe.c:2097:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(isLeft ? "< " : "> ") ;
data/acedb-4.9.39+dfsg.02/w4/session.c:465:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (text_copy, mesg_buf);
data/acedb-4.9.39+dfsg.02/w4/session.c:1843:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (dbname, word) ;
data/acedb-4.9.39+dfsg.02/w4/session.c:1939:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (fullFileName, directoryPath);
data/acedb-4.9.39+dfsg.02/w4/session.c:1940:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (fullFileName, SUBDIR_DELIMITER_STR);
data/acedb-4.9.39+dfsg.02/w4/session.c:1941:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (fullFileName, filDirEntry(dirList, n));
data/acedb-4.9.39+dfsg.02/w4/session.c:2146:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (theSuperBlock.dbName, getConfiguredDatabaseName());
data/acedb-4.9.39+dfsg.02/w4/session.c:2881:11: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(block_name, F_OK) == 0) /* No equivalent in filsubs.c ? */
data/acedb-4.9.39+dfsg.02/w4/session.c:2903:6: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
access, block_name) ;
data/acedb-4.9.39+dfsg.02/w4/session.c:2906:5: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
access, block_name) ;
data/acedb-4.9.39+dfsg.02/w4/session.c:3642:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(readlock_filename, "%s/%d.%s.%d",
data/acedb-4.9.39+dfsg.02/w4/session.c:3731:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(new_filename, "%s/%d.%s.%d",
data/acedb-4.9.39+dfsg.02/w4/session.c:3748:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (readlock_filename, new_filename);
data/acedb-4.9.39+dfsg.02/w4/session.c:3842:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(lockfile_name, "%s/%s",
data/acedb-4.9.39+dfsg.02/w4/session.c:3871:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf (cp2, "%s", file_host_name) != 1) continue;
data/acedb-4.9.39+dfsg.02/w4/update.c:170:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (fileName, getenv("ACEDB_DATA")) ;
data/acedb-4.9.39+dfsg.02/w4/update.c:178:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (fileName, rawdir) ;
data/acedb-4.9.39+dfsg.02/w4/update.c:210:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (fn, messprintf ("/update.%s.%d-%d",
data/acedb-4.9.39+dfsg.02/w4/update.c:215:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (fn, messprintf ("/update.%d-%d",
data/acedb-4.9.39+dfsg.02/w5/adisk.c:339:3: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(messprintf("\\rm -f %s/*.ace5", dbDir)) ;
data/acedb-4.9.39+dfsg.02/w5/adisk.c:359:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (p->name, cp) ;
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1532:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
! (strcpy (pp->hostname, cp), aceInWord (dbdef_in)) ||
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1533:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
! (strcpy (pp->fileSystem, cp), aceInWord (dbdef_in)) ||
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1534:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
! (strcpy (pp->fileName, cp)) ||
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1625:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fileSystem, pp->fileSystem) ;
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1626:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fileName, pp->fileName);
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1629:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( mapString, "%d %s %s %s %d %d %d\n",
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1680:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fileSystem, pp->fileSystem);
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1681:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fileName, pp->fileName);
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1810:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(strcpy(pp->hostname, cp), !(cp = aceInWord(dbmap_in))) ||
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1811:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(strcpy(pp->fileSystem, cp), !(cp = aceInWord(dbmap_in))) ||
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1812:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(strcpy(pp->fileName, cp), !aceInInt (dbmap_in, &pp->maxBlocks)) ||
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1872:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(error_text, "Check that the database %s is %s by %s\n",
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1890:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(error_text, "The attempt to %s partition file was "
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1907:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(error_text, "The database disk is full "
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1920:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(error_text, "The database files are located on a read-only file-system.%s\n", hint);
data/acedb-4.9.39+dfsg.02/w5/lexsubs4.c:1359:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buf, format, classNam, nam) ;
data/acedb-4.9.39+dfsg.02/w5/lexsubs4.c:1627:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (oldName, newName) ;
data/acedb-4.9.39+dfsg.02/w6/acedbgraph.c:861:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(viewnam, s);
data/acedb-4.9.39+dfsg.02/w6/bssubs.c:1491:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (bs->bt->cp, (char*)xp) ;
data/acedb-4.9.39+dfsg.02/w6/bstree.c:356:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(cq,u);
data/acedb-4.9.39+dfsg.02/w6/bstree.c:361:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(cq,v);
data/acedb-4.9.39+dfsg.02/w6/display.c:645:34: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (arr(a, i, BSunit).s) strcpy(new, arr(a, i, BSunit).s);
data/acedb-4.9.39+dfsg.02/w6/display.c:646:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(new, url);
data/acedb-4.9.39+dfsg.02/w6/display.c:647:36: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (arr(a, i+1, BSunit).s) strcat(new, arr(a, i+1, BSunit).s);
data/acedb-4.9.39+dfsg.02/w6/forest.c:275:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (buf, forest->mot) ;
data/acedb-4.9.39+dfsg.02/w6/ksetdisp.c:1996:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (buf, messprintf ("%s %d items\n",
data/acedb-4.9.39+dfsg.02/w6/longtextdisp.c:413:3: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(messprintf("acedb_editor /tmp/acedb.editor.%d &", n)) ;
data/acedb-4.9.39+dfsg.02/w6/plot.c:330:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(look->title, "%s", look->fileName) ;
data/acedb-4.9.39+dfsg.02/w6/plot.c:1032:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(look->title, "%s", title) ;
data/acedb-4.9.39+dfsg.02/w6/plot.c:1034:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (look->title , "%s", "Histogram");
data/acedb-4.9.39+dfsg.02/w6/plot.c:1035:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(look->subtitle, "%s", subtitle) ;
data/acedb-4.9.39+dfsg.02/w6/plot.c:1217:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(look->title, "%s", look->fileName) ;
data/acedb-4.9.39+dfsg.02/w6/plot.c:1252:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(look->fileName, look->title) ;
data/acedb-4.9.39+dfsg.02/w6/plot2d.c:717:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(p2d->title, "%s", title) ;
data/acedb-4.9.39+dfsg.02/w6/plot2d.c:718:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(p2d->subtitleX, "%s", subtitleX) ;
data/acedb-4.9.39+dfsg.02/w6/plot2d.c:719:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(p2d->subtitleY, "%s", subtitleY) ;
data/acedb-4.9.39+dfsg.02/w6/prefdisp.c:144:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(prefDispValue[i].sval, item->value.sval) ;
data/acedb-4.9.39+dfsg.02/w6/qbedisp.c:303:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ARR2STRING(classlist, n), className(k));
data/acedb-4.9.39+dfsg.02/w6/qbedisp.c:341:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((classesMenu + i)->text, CLASSLIST_NAME(i - 1));
data/acedb-4.9.39+dfsg.02/w6/qbedisp.c:357:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(qbe_class_buffer, (classesMenu+k)->text);
data/acedb-4.9.39+dfsg.02/w6/qbedisp.c:384:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(text, pickClass2Word(qbe_class));
data/acedb-4.9.39+dfsg.02/w6/qbedisp.c:397:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(text, pickClass2Word(qbe_class));
data/acedb-4.9.39+dfsg.02/w6/qbedisp.c:534:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buffer, messprintf("Find %s",pickClass2Word(qbe_class)));
data/acedb-4.9.39+dfsg.02/w6/qbedisp.c:537:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buffer, messprintf(" %s", item_buffer));
data/acedb-4.9.39+dfsg.02/w6/qbedisp.c:552:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buffer,
data/acedb-4.9.39+dfsg.02/w6/qbedisp.c:561:8: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buffer, messprintf(" %c NEXT", conjunction_op));
data/acedb-4.9.39+dfsg.02/w6/qbedisp.c:569:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buffer, ((tagnotvalue) ? messprintf(" %s", tagval->name) :
data/acedb-4.9.39+dfsg.02/w6/qbedisp.c:574:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buffer, ((tagnotvalue) ?
data/acedb-4.9.39+dfsg.02/w6/qbedisp.c:587:8: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buffer, messprintf(" %c NEXT", conjunction_op));
data/acedb-4.9.39+dfsg.02/w6/qbedisp.c:836:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tagval->name, text);
data/acedb-4.9.39+dfsg.02/w6/qbedisp.c:996:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(qbe_class_buffer, currentClassName());
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:176:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ARR2STRING(classlist, n), className(k));
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:268:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(result, qbuild->preclass_syntax);
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:269:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(result, qbuild->classtag_syntax);
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:314:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(result, ARR2STRING(qbuild->syntax, i));
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:428:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(qbuild->preclass_syntax, qbuild->preclass_entry);
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:490:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(qbuild->classtag_syntax, qbuild->classtag_entry);
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:506:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(qbuild->classtag_syntax, qbuild->classtag_entry);
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:620:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(syntax_a, entry_a);
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:640:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(syntax_a, entry_a);
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:702:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(syntax_c, entry_c);
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:814:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(syntax_v, entry_v);
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:927:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(syntax_j, entry_j);
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:1192:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(m_entry, stackText(resstack, 0));
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:1201:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(m_entry, (attrMenu + k)->text);
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:1206:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(m_entry, (condMenu + k)->text);
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:1210:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(m_entry, (valueMenu + k)->text);
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:1214:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(m_entry, (conjMenu + k)->text);
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:1249:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(qbuild->classtag_entry, stackText(resstack, 0));
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:1258:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(qbuild->classtag_entry, (classtagMenu + k)->text);
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:1267:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(qbuild->preclass_entry, (preclassMenu + k)->text);
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:1297:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((preclassMenu + i)->text, ARR2STRING(classlist, i - 3));
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:1333:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((newMenu + i)->text, KEYLIST_NAME(i - 2, classtagkeyset));
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:1356:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((newMenu + i)->text, ARR2STRING(classlist, i - 3));
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:1440:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((newMenu + i)->text, KEYLIST_NAME(i - 3, attrkeyset));
data/acedb-4.9.39+dfsg.02/w6/querydisp.c:142:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (auto_filename, autosaveCreateName()) ;
data/acedb-4.9.39+dfsg.02/w6/querydisp.c:699:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (quer->dirName, cp) ;
data/acedb-4.9.39+dfsg.02/w6/tablemakerdisp.c:252:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (tmdisp->dirSelection, cp);
data/acedb-4.9.39+dfsg.02/w6/tablemakerdisp.c:258:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (tmdisp->dirSelection, cp);
data/acedb-4.9.39+dfsg.02/w6/treedisp.c:2608:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (bs->bt->cp, text) ;
data/acedb-4.9.39+dfsg.02/w6/treedisp.c:3056:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(look->tagWarp, pattern);
data/acedb-4.9.39+dfsg.02/w7/alignmentdisp.c:191:18: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
pipe = (FILE *)popen(messprintf("%s %s", script, name(key)), "w");
data/acedb-4.9.39+dfsg.02/w7/alignmentdisp.c:206:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
{ sprintf (domain, "%s/%d-%d", name(c->key), c->start, c->end) ;
data/acedb-4.9.39+dfsg.02/w7/cmapdisp.c:1510:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (col->name, name) ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:3276:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (dirName, getenv("ACEDB_DATA")) ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:3281:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (dirName, cp) ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:3923:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(currentParent->name,listname) ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:4050:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (dirName, getenv("ACEDB_DATA")) ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:4055:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (dirName, cp) ;
data/acedb-4.9.39+dfsg.02/w7/dnacpt.c:1221:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dnacpt->restriction2,dnacpt->restriction) ;
data/acedb-4.9.39+dfsg.02/w7/dnacpt.c:1405:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dnacpt->restriction2,dnacpt->restriction) ;
data/acedb-4.9.39+dfsg.02/w7/dnacpt.c:2012:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, codonFullName[i]) ;
data/acedb-4.9.39+dfsg.02/w7/dnacpt.c:2187:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buffer, codonFullName[codon]) ; /* 5, 6, 7 */
data/acedb-4.9.39+dfsg.02/w7/dnacpt.c:2189:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buffer, messprintf("%5.1f%%", arr(usage,codon,int)/ 10.0)) ;
data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c:4013:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (look->segTextBuf,
data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c:4018:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (look->segTextBuf,
data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c:4052:8: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(look->segTextBuf, messprintf(" %s %s", confirm->confirm_str,
data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c:4062:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (look->segTextBuf,
data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c:4067:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (look->segTextBuf,
data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c:4118:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (look->segTextBuf,
data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c:4136:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (look->segTextBuf,
data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c:4167:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (look->segTextBuf,
data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c:4185:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (look->segTextBuf,
data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c:4234:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (look->segTextBuf, messprintf ("%.0f%% ", seg->data.f)) ;
data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c:4236:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (look->segTextBuf, messprintf ("%.3g ", seg->data.f)) ;
data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c:4263:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (look->segTextBuf, messprintf (" Tm: %3.1f ", (float)(i/10.0))) ;
data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c:4266:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (look->segTextBuf, messprintf (" Score: %d ", i)) ;
data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c:4273:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (look->segTextBuf, messprintf (" (%s) ", nameWithClassDecorate(seg->data.k))) ;
data/acedb-4.9.39+dfsg.02/w7/fmapcurate.c:431:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (at->newValue, "[%s %s] ",
data/acedb-4.9.39+dfsg.02/w7/fmapfeatures.c:2237:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (msp->sname, name(seg->key)) ;
data/acedb-4.9.39+dfsg.02/w7/fmapfeatures.c:2240:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (msp->qframe, messprintf ("(-%d)", 1 + ((max-min+1) - msp->qstart) % 3)) ;
data/acedb-4.9.39+dfsg.02/w7/fmapfeatures.c:2242:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (msp->qframe, messprintf ("(+%d)", 1 + (msp->qstart-1) % 3)) ;
data/acedb-4.9.39+dfsg.02/w7/fmapfeatures.c:2268:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (msp->sname, "%sx", name(seg->parent)) ; /* x for exon */
data/acedb-4.9.39+dfsg.02/w7/fmapfeatures.c:2289:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msp->sname, "%si", name(seg->parent)) ; /* i for intron */
data/acedb-4.9.39+dfsg.02/w7/fmapfeatures.c:4812:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "pfetch -F '%s' &", name(key));
data/acedb-4.9.39+dfsg.02/w7/fmapfeatures.c:4813:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(title, "pfetch: %s", name(key));
data/acedb-4.9.39+dfsg.02/w7/fmapgene.c:817:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (parmsName, name(key)) ;
data/acedb-4.9.39+dfsg.02/w7/fmaposp.c:1432:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(oligoName, look->oligoNameBuffer) ;
data/acedb-4.9.39+dfsg.02/w7/fmaposp.c:1441:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (oligoName, messprintf("%d",pos)) ;
data/acedb-4.9.39+dfsg.02/w7/fmaposp.c:1443:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (oligoNameBegin, oligoName) ;
data/acedb-4.9.39+dfsg.02/w7/fmaposp.c:1447:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (oligoName, oligoNameBegin) ;
data/acedb-4.9.39+dfsg.02/w7/fmaposp.c:1449:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (oligoName, messprintf("%d", suffix)) ;
data/acedb-4.9.39+dfsg.02/w7/fmaposp.c:1463:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (oligoName, aceInPos(name_in)) ;
data/acedb-4.9.39+dfsg.02/w7/fmaposp.c:1533:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (look->oligoNameBuffer, oligoName) ;
data/acedb-4.9.39+dfsg.02/w7/fmapstatus.c:462:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (look->segTextBuf,
data/acedb-4.9.39+dfsg.02/w7/gmapconvert.c:70:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, name(map));
data/acedb-4.9.39+dfsg.02/w7/gmapconvert.c:72:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, suffix);
data/acedb-4.9.39+dfsg.02/w7/gmapconvert.c:82:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, name(map));
data/acedb-4.9.39+dfsg.02/w7/gmapconvert.c:84:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, suffix);
data/acedb-4.9.39+dfsg.02/w7/gmapconvert.c:95:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, name(map));
data/acedb-4.9.39+dfsg.02/w7/gmapintervalcol.c:326:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(look->messageText, messprintf(" %.2f", seg->x - seg->dx));
data/acedb-4.9.39+dfsg.02/w7/gmapintervalcol.c:327:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(look->messageText, messprintf(" %.2f", seg->x + seg->dx));
data/acedb-4.9.39+dfsg.02/w7/gmapintervalcol.c:850:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cf->query,private->query);
data/acedb-4.9.39+dfsg.02/w7/gmapintervalcol.c:853:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cf->tag,"%s",name(private->symbolTag));
data/acedb-4.9.39+dfsg.02/w7/gmapintervalcol.c:858:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cf->temp[i],arrp(private->colours, i, TAGCOLOUR)->text);
data/acedb-4.9.39+dfsg.02/w7/gmapintervalcol.c:934:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(private->query, cf->query);
data/acedb-4.9.39+dfsg.02/w7/gmapintervalcol.c:960:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s, cf->temp[i]);
data/acedb-4.9.39+dfsg.02/w7/gmapintervalcol.c:1076:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(private->query, s1);
data/acedb-4.9.39+dfsg.02/w7/gmapintervalcol.c:1092:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(new, s1);
data/acedb-4.9.39+dfsg.02/w7/gmaplocuscol.c:216:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(look->messageText, messprintf(" %.2f", seg->x));
data/acedb-4.9.39+dfsg.02/w7/gmaplocuscol.c:217:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(look->messageText, messprintf(" [%.2f]", seg->dx));
data/acedb-4.9.39+dfsg.02/w7/gmaplocuscol.c:604:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cf->query,private->query);
data/acedb-4.9.39+dfsg.02/w7/gmaplocuscol.c:611:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (t->query, "%s", q->query);
data/acedb-4.9.39+dfsg.02/w7/gmaplocuscol.c:622:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(q->text,"%s",t->text);
data/acedb-4.9.39+dfsg.02/w7/gmaplocuscol.c:704:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(private->query, cf->query);
data/acedb-4.9.39+dfsg.02/w7/gmapposnegcol.c:480:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cf->query,private->query);
data/acedb-4.9.39+dfsg.02/w7/gmapposnegcol.c:520:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(private->query, cf->query);
data/acedb-4.9.39+dfsg.02/w7/gmapposnegcol.c:560:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(private->query, s1);
data/acedb-4.9.39+dfsg.02/w7/gmapremarkcol.c:417:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cf->query,private->query);
data/acedb-4.9.39+dfsg.02/w7/gmapremarkcol.c:421:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cf->temp[i],name(arr(private->tags, i, KEY)));
data/acedb-4.9.39+dfsg.02/w7/gmapsubmapcol.c:953:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cf->lociQuery, private->lociQuery);
data/acedb-4.9.39+dfsg.02/w7/gmapsubmapcol.c:955:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cf->intQuery, private->intQuery);
data/acedb-4.9.39+dfsg.02/w7/gmapsubmapcol.c:1005:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(private->intQuery, cf->intQuery);
data/acedb-4.9.39+dfsg.02/w7/gmapsubmapcol.c:1022:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(private->lociQuery, cf->lociQuery);
data/acedb-4.9.39+dfsg.02/w7/griddisp.c:451:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(temp,"%s%s%s",prefix,colchar,rowchar);
data/acedb-4.9.39+dfsg.02/w7/griddisp.c:458:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(seg->name,temp);
data/acedb-4.9.39+dfsg.02/w7/griddisp.c:1780:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(look->genXLabel, text) ;
data/acedb-4.9.39+dfsg.02/w7/griddisp.c:1793:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(look->genYLabel, text) ;
data/acedb-4.9.39+dfsg.02/w7/griddisp.c:2933:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (look->reportBuffer, GRID_REPORT_BOX_OVERFLOW) ;
data/acedb-4.9.39+dfsg.02/w7/griddisp.c:2938:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (look->reportBuffer, name(tab->tag)) ;
data/acedb-4.9.39+dfsg.02/w7/mapcontrol.c:215:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (strcpy(r.name, name) == NULL)
data/acedb-4.9.39+dfsg.02/w7/mapcontrol.c:1098:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (map->cursor.text, messprintf ("%.2f",z)) ;
data/acedb-4.9.39+dfsg.02/w7/mapcontrol.c:1100:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (map->cursor.text, messprintf ("%.0f",z)) ;
data/acedb-4.9.39+dfsg.02/w7/mapcontrol.c:1128:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (map->cursor.text, messprintf ("%.2f",z)) ;
data/acedb-4.9.39+dfsg.02/w7/mapcontrol.c:1130:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (map->cursor.text, messprintf ("%.0f",z)) ;
data/acedb-4.9.39+dfsg.02/w7/metab.c:1339:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf,text);
data/acedb-4.9.39+dfsg.02/w7/metab.c:1442:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(dname,"%s Diagram Info",name(pwkey));
data/acedb-4.9.39+dfsg.02/w7/metab.c:1712:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf,"No reactants/products listed for %s;\n\
data/acedb-4.9.39+dfsg.02/w7/pepdisp.c:452:11: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buff, messprintf("%s ", name(mk)));
data/acedb-4.9.39+dfsg.02/w7/pepfeaturecol.c:198:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cf->query,"%s",private->query);
data/acedb-4.9.39+dfsg.02/w7/pepfeaturecol.c:276:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(look->messageText, messprintf(" %d %d ",feature->x1,feature->x2));
data/acedb-4.9.39+dfsg.02/w7/pepfeaturecol.c:277:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(look->messageText,messprintf(" %4.2f ",feature->score));
data/acedb-4.9.39+dfsg.02/w7/pephomolcol.c:313:18: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
pipe = (FILE *)popen(script, "w");
data/acedb-4.9.39+dfsg.02/w7/pephomolcol.c:623:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(look->messageText, messprintf(" %d %d ",homol->sstart,homol->send));
data/acedb-4.9.39+dfsg.02/w7/pephomolcol.c:624:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(look->messageText, name(homol->meth));
data/acedb-4.9.39+dfsg.02/w7/pephomolcol.c:625:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(look->messageText,messprintf(" %4.2f ",homol->score));
data/acedb-4.9.39+dfsg.02/w7/pephomolcol.c:626:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(look->messageText, messprintf(" (%d - %d) ",homol->qstart,homol->qend));
data/acedb-4.9.39+dfsg.02/w7/pepseqcol.c:159:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(look->messageText, messprintf(" [%d] ",index+1));
data/acedb-4.9.39+dfsg.02/w7/pepseqcol.c:548:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str2,"%s",pepShortName[(int)array(arr(private->colMap,0,Array),i,char)]);
data/acedb-4.9.39+dfsg.02/w7/smapconvert.c:873:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(CLMethod, dictName(methods,i));
data/acedb-4.9.39+dfsg.02/w7/smapconvert.c:2685:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(string, type_text) ;
data/acedb-4.9.39+dfsg.02/w7/smapconvert.c:2688:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(string, text_text);
data/acedb-4.9.39+dfsg.02/w7/vmapdisp.c:2123:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (look->messageText, messprintf(" %.2f", seg->x)) ;
data/acedb-4.9.39+dfsg.02/w7/vmapdisp.c:2125:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (look->messageText, messprintf (" %.2f",
data/acedb-4.9.39+dfsg.02/w7/vmapdisp.c:2132:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (look->messageText, messprintf(" %.2f", seg->x)) ;
data/acedb-4.9.39+dfsg.02/w7/vmapdisp.c:2136:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (look->messageText, messprintf (" interpolated")) ;
data/acedb-4.9.39+dfsg.02/w7/vmapdisp.c:2138:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (look->messageText, messprintf (" [%.2f]",
data/acedb-4.9.39+dfsg.02/w7/vmapdisp.c:2142:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (look->messageText, messprintf (" %.2f",
data/acedb-4.9.39+dfsg.02/w7/vmapdisp.c:2148:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (look->messageText, messprintf(" %.2f %.2f", seg->x, seg->dx)) ;
data/acedb-4.9.39+dfsg.02/w8/defcpt.c:1219:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "How do you want to consider unknown datas ?\n%s\n%s\n%s\n%s\n%s",
data/acedb-4.9.39+dfsg.02/w8/defcpt.c:2174:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
{ sprintf(buf, messprintf("Bad value (%d) ; please try again", i)) ;
data/acedb-4.9.39+dfsg.02/w8/defcpt.c:3066:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cq,">? Sequence %s", cp) ;
data/acedb-4.9.39+dfsg.02/w8/defcpt.c:3068:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cq,">? Clone IS %s ; >Read", cp) ;
data/acedb-4.9.39+dfsg.02/w8/defcpt.c:3478:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dirName, dbPathMakeFilName("", "", "", handle)) ;
data/acedb-4.9.39+dfsg.02/w8/defcpt.c:3483:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(ff, stackText(diffaction, 0)) ;
data/acedb-4.9.39+dfsg.02/w8/dnaalign.c:1524:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf2, "%s.%d", buf, j) ;
data/acedb-4.9.39+dfsg.02/w8/dnaalign.c:1655:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buff, "%s.%d", cp, j) ;
data/acedb-4.9.39+dfsg.02/w8/dnaalign.c:1737:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buff, "%s.%d", buf, j) ;
data/acedb-4.9.39+dfsg.02/w8/dnaalign.c:2943:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buff, "%s_%d", name(contigKey), i) ;
data/acedb-4.9.39+dfsg.02/w9/asn.c:297:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(finisher,"%s %s",lastname,firstini);
data/acedb-4.9.39+dfsg.02/w9/asn.c:449:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(titlebuf,name(title));
data/acedb-4.9.39+dfsg.02/w9/asn.c:458:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(journbuf,name(journal));
data/acedb-4.9.39+dfsg.02/w9/asn.c:467:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(volumbuf,volume);
data/acedb-4.9.39+dfsg.02/w9/asn.c:517:2: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(author,"%s %s",lastname,firstini);
data/acedb-4.9.39+dfsg.02/w9/asn.c:627:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rnaname,name(arr(a,1,BSunit).k));
data/acedb-4.9.39+dfsg.02/w9/asn.c:641:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(gBuf,arr(a,1,BSunit).s);
data/acedb-4.9.39+dfsg.02/w9/asn.c:644:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf(gBuf,"%s %s %s",trna_codon,rnaname,trna_AA) != 3) {
data/acedb-4.9.39+dfsg.02/w9/asn.c:656:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rnaname,arr(a,1,BSunit).s);
data/acedb-4.9.39+dfsg.02/w9/asn.c:660:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rnaname, name(gpkey));
data/acedb-4.9.39+dfsg.02/w9/asn.c:717:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
gbp += sprintf(gbp, "coded for by C. elegans cDNA %s",
data/acedb-4.9.39+dfsg.02/w9/asn.c:722:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
gbp += sprintf(gbp, "coded for by human cDNA%s %s",
data/acedb-4.9.39+dfsg.02/w9/asn.c:730:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
gbp += sprintf(gbp, ", %s", cp = name(arr(a,i,BSunit).k));
data/acedb-4.9.39+dfsg.02/w9/asn.c:735:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
gbp += sprintf(gbp, " and %s", cp = name(arr(a,i,BSunit).k));
data/acedb-4.9.39+dfsg.02/w9/asn.c:767:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(lcp, "%s", name(gpkey));
data/acedb-4.9.39+dfsg.02/w9/asn.c:771:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(gene, name(gpkey)); /*ss --where locus is set to gene*/
data/acedb-4.9.39+dfsg.02/w9/asn.c:781:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(gene, Institution);
data/acedb-4.9.39+dfsg.02/w9/asn.c:788:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(gene, name(key));
data/acedb-4.9.39+dfsg.02/w9/asn.c:982:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cp, "%s", name(gpkey));
data/acedb-4.9.39+dfsg.02/w9/asn.c:985:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cp, "Similar to %s", name(gpkey));
data/acedb-4.9.39+dfsg.02/w9/asn.c:1063:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(gBuf,u.s);
data/acedb-4.9.39+dfsg.02/w9/asn.c:1108:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(qhere,qstr);
data/acedb-4.9.39+dfsg.02/w9/asn.c:1177:27: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (hasEMBLfeature) strcpy(ftype,etype);
data/acedb-4.9.39+dfsg.02/w9/asn.c:1188:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ntxt, mtxt);
data/acedb-4.9.39+dfsg.02/w9/asn.c:1193:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ntxt, cp+1);
data/acedb-4.9.39+dfsg.02/w9/asn.c:1286:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ftype,etype);
data/acedb-4.9.39+dfsg.02/w9/asn.c:1301:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(qtxt,mtxt);
data/acedb-4.9.39+dfsg.02/w9/asn.c:1416:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(gSequence,FixCloneName(name(seq)));
data/acedb-4.9.39+dfsg.02/w9/asn.c:1420:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(gRawClone, name(clone));
data/acedb-4.9.39+dfsg.02/w9/asn.c:1421:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(gClone, FixCloneName(gRawClone));
data/acedb-4.9.39+dfsg.02/w9/asn.c:1423:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(gClonePat, gClone);
data/acedb-4.9.39+dfsg.02/w9/asn.c:1425:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(gRawClonePat, gRawClone);
data/acedb-4.9.39+dfsg.02/w9/asn.c:1431:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(gCloneType,name(arr(a,0,BSunit).k));
data/acedb-4.9.39+dfsg.02/w9/asn.c:1440:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(gLibrary,name(arr(a,0,BSunit).k));
data/acedb-4.9.39+dfsg.02/w9/asn.c:1448:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(gMapPosition,name(arr(a,0,BSunit).k));
data/acedb-4.9.39+dfsg.02/w9/asn.c:1473:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(keyword[ii++],"%s",name(arr(a,i,BSunit).k));
data/acedb-4.9.39+dfsg.02/w9/asn.c:1482:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(gLocus, "YSCL%s", gSequence);
data/acedb-4.9.39+dfsg.02/w9/asn.c:1488:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(gLocus, "CBR%s", gSequence);
data/acedb-4.9.39+dfsg.02/w9/asn.c:1490:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(name(key),"Sequence-%s",gChromosome);
data/acedb-4.9.39+dfsg.02/w9/asn.c:1500:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(gLocus, "CEL%s", gSequence);
data/acedb-4.9.39+dfsg.02/w9/asn.c:1502:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(name(key),"Sequence-%s",gChromosome);
data/acedb-4.9.39+dfsg.02/w9/asn.c:1513:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(gLocus, "HS%s", asnbr);
data/acedb-4.9.39+dfsg.02/w9/asn.c:1516:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(name(key),"Sequence-%s",gChromosome);
data/acedb-4.9.39+dfsg.02/w9/asn.c:1599:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(gBuf, "Saccharomyces cerevisiae chromosome XII cosmid %s", gSequence);
data/acedb-4.9.39+dfsg.02/w9/asn.c:1602:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(gBuf,"The sequence of S. cerevisiae cosmid %s", gSequence);
data/acedb-4.9.39+dfsg.02/w9/asn.c:1614:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(gBuf+strlen(gBuf), "~~%s",name(arr(a,i,BSunit).k));
data/acedb-4.9.39+dfsg.02/w9/asn.c:1645:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(gBuf, "Caenorhabditis briggsae cosmid %s", gSequence) ;
data/acedb-4.9.39+dfsg.02/w9/asn.c:1649:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(gBuf, "The sequence of C. briggsae cosmid %s", gSequence) ;
data/acedb-4.9.39+dfsg.02/w9/asn.c:1661:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(gBuf+strlen(gBuf), "~~%s",name(arr(a,i,BSunit).k));
data/acedb-4.9.39+dfsg.02/w9/asn.c:1697:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(gBuf, "Caenorhabditis elegans cosmid %s", gSequence) ;
data/acedb-4.9.39+dfsg.02/w9/asn.c:1701:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(gBuf, "The sequence of C. elegans cosmid %s", gSequence) ;
data/acedb-4.9.39+dfsg.02/w9/asn.c:1726:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(gBuf+strlen(gBuf), "~~%s",name(arr(a,i,BSunit).k));
data/acedb-4.9.39+dfsg.02/w9/asn.c:1778:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
gbp += sprintf(gBuf, "Human %s clone %s", gCloneType, gClone);
data/acedb-4.9.39+dfsg.02/w9/asn.c:1787:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(gBuf, "The sequence of H. sapiens %s clone %s", gCloneType, gClone);
data/acedb-4.9.39+dfsg.02/w9/asn.c:1913:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
gbp += sprintf(gbp, "~%s", name(arr(a,i,BSunit).k));
data/acedb-4.9.39+dfsg.02/w9/asn.c:2110:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(asnfile, "%s.asn", name(key));
data/acedb-4.9.39+dfsg.02/w9/asn.c:2131:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(asnfile, "%s/%s.asn", dname, fname);
data/acedb-4.9.39+dfsg.02/w9/asn.c:2250:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "getfa %s %s", fname, acc);
data/acedb-4.9.39+dfsg.02/w9/asn.c:2252:12: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if ((pp = popen(buf, "r")) == NULL)
data/acedb-4.9.39+dfsg.02/w9/belvu.c:953:5: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf(format, ap);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:1057:2: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(messprintf("%s http://www.sanger.ac.uk/cgi-bin/seq-query?%s&",
data/acedb-4.9.39+dfsg.02/w9/belvu.c:1143:14: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (col) strcat(stats, messprintf("Column %d: ", col));
data/acedb-4.9.39+dfsg.02/w9/belvu.c:1145:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(stats, messprintf("%s/%d-%d", alnp->name, alnp->start, alnp->end));
data/acedb-4.9.39+dfsg.02/w9/belvu.c:1148:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(stats, messprintf(" %c = ", alnp->seq[col-1]));
data/acedb-4.9.39+dfsg.02/w9/belvu.c:1159:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(stats, messprintf("%d", col-1 + alnp->start - gaps));
data/acedb-4.9.39+dfsg.02/w9/belvu.c:1163:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(stats, messprintf(" (%d match", Highlight_matches));
data/acedb-4.9.39+dfsg.02/w9/belvu.c:1355:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmpname, alnp->name);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:1472:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp, src);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:1474:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf(tmp, "%s%d%d", alnp->name, &alnp->start, &alnp->end) != 3) {
data/acedb-4.9.39+dfsg.02/w9/belvu.c:1486:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cp, "%s/%d-%d\n", alnp->name, alnp->start, alnp->end);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:2096:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(alnp->fetch, "%s", alnp->name);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:2403:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, messprintf("%s", namep));
data/acedb-4.9.39+dfsg.02/w9/belvu.c:2406:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, messprintf("%s%c%d-%d", namep, saveSeparator, aln->start, aln->end));
data/acedb-4.9.39+dfsg.02/w9/belvu.c:2526:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(saveFormat, MSFStr);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:2530:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(saveFormat, MulStr);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:2534:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(saveFormat, FastaAlnStr);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:2538:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(saveFormat, FastaStr);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:2543:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(treeMethodString, UPGMAstr);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:2548:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(treeMethodString, NJstr);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:2554:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(treeDistString, UNCORRstr);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:2560:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(treeDistString, KIMURAstr);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:2565:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(treeDistString, STORMSONNstr);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:2971:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(suffix, cp+1);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:3739:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(node[i]->name, "%s",
data/acedb-4.9.39+dfsg.02/w9/belvu.c:3743:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(node[i]->name, "%s/%d-%d",
data/acedb-4.9.39+dfsg.02/w9/belvu.c:4033:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(arrp(Aligntmp, i, ALN)->seq, arrp(Align, i, ALN)->seq);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:4069:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(arrp(Align, i, ALN)->seq, arrp(Aligntmp, i, ALN)->seq);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:4344:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(alnp->seq, seq);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:4352:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(saveFormat, MSFStr);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:4360:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(aln.seq, seq);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:4419:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(seqp, cp);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:4427:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(saveFormat, FastaAlnStr);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:4464:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cp, line);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:4498:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(cp + strlen(aln->name),
data/acedb-4.9.39+dfsg.02/w9/belvu.c:4502:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(cp + strlen(aln->name),
data/acedb-4.9.39+dfsg.02/w9/belvu.c:4656:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(alnp->seq, cp+alnstart);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:4675:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, cp+4);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:4773:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(saveFormat, MulStr);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:4794:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(linecp, line);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:4885:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(v[*argc], s);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5007:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(usage, "%s%s, compiled %s\n", usageText, belvuVersion, cc_date);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5020:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(colorCodesFile, optarg); break;
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5023:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(markupColorCodesFile, optarg);break;
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5026:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(readMatchFile, optarg);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5034:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(output_format, optarg); break;
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5059:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(scoreFile, optarg); break;
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5068:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(treeMethodString, NJstr);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5073:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(treeMethodString, UPGMAstr);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5080:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(treeDistString, KIMURAstr);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5083:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(treeDistString, STORMSONNstr);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5087:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(treeDistString, UNCORRstr);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5221:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(saveFormat, FastaAlnStr);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5225:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(saveFormat, FastaStr);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5619:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(cp, "%s", setColor);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5639:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf(line, "%c%s", &c, setColor) == 2)
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5913:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(colors, colorNames[i]);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5945:12: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
pipe = popen (command, "r") ;
data/acedb-4.9.39+dfsg.02/w9/belvu.c:6013:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (!pos) strcpy(title, Title);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:7016:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(linecopy, line);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:7161:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rawseq, line);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:7262:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(csh, X_OK)) {
data/acedb-4.9.39+dfsg.02/w9/belvu.c:7267:26: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (!(pipe = (FILE *)popen(messprintf("%s -cf \"which %s\"", csh, command), "r"))) {
data/acedb-4.9.39+dfsg.02/w9/belvu.c:7280:10: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access(retval, F_OK) && !access(retval, X_OK))
data/acedb-4.9.39+dfsg.02/w9/belvu.c:7280:35: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access(retval, F_OK) && !access(retval, X_OK))
data/acedb-4.9.39+dfsg.02/w9/blxmain.c:162:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(usage, "%s %s\n", usageText, blixemVersion) ;
data/acedb-4.9.39+dfsg.02/w9/blxmain.c:173:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(FSfilename, optarg);
data/acedb-4.9.39+dfsg.02/w9/blxmain.c:239:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(xtra_filename, optarg);
data/acedb-4.9.39+dfsg.02/w9/blxmain.c:253:27: [4] (buffer) scanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
printf("Seq file: "); scanf("%s", seqfilename);
data/acedb-4.9.39+dfsg.02/w9/blxmain.c:254:26: [4] (buffer) scanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
printf("FS file: "); scanf("%s", FSfilename);
data/acedb-4.9.39+dfsg.02/w9/blxmain.c:266:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(seqfilename, argv[optind]);
data/acedb-4.9.39+dfsg.02/w9/blxmain.c:267:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(FSfilename, argv[optind+1]);
data/acedb-4.9.39+dfsg.02/w9/blxmain.c:288:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(line, "%s", qname);
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:112:2: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(line, "%s", qname);
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:195:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s2, s);
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:228:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(msp->desc, cp);
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:238:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(msp->sseq, seq);
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:249:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(msp->sseq + msp->sstart - 1, seq);
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:271:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf(line, "%d%s%d%d%d%d%s",
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:284:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(msp->sname, sname);
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:302:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(src, msp->sname);
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:312:8: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(msp->sname, p);
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:324:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(msp->sname, db);
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:326:8: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(msp->sname, last);
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:404:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf(seq_pos, "%s", msp->sseq) != 1)
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:498:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fs.name, series);
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:672:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp, *readseq);
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:676:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(*readseq+readseqcount, line);
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:684:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf(line+14, "%s%s", qname, series) != 2)
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:693:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(seq1name, series);
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:698:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(seq2name, series);
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:738:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf(line, "%d%s%s%d%d%s%s%d%d%s",
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:749:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(msp->qname, qname);
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:751:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(msp->sname, sname);
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:771:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf(line, "%d%s%s%d%d%s",
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:782:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(msp->qname, qname);
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:785:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(msp->sname, series);
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:802:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf(line, "%s%s%s%d%d%s%s%s",
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:820:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(msp->qname, qname);
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:823:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(msp->sname, series);
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:826:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(msp->desc, series);
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:839:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf(line+13, "%s%s%s",
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:876:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(msp->qname, qname);
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:879:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(msp->sname, series);
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:918:12: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
pipe = popen (command, "r") ;
data/acedb-4.9.39+dfsg.02/w9/blxselect.c:119:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(seqfilename, SEQEXT);
data/acedb-4.9.39+dfsg.02/w9/blxselect.c:122:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(HSPfilename, EXT);
data/acedb-4.9.39+dfsg.02/w9/blxselect.c:206:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(realname, filename);
data/acedb-4.9.39+dfsg.02/w9/blxselect.c:207:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(realname, EXT);
data/acedb-4.9.39+dfsg.02/w9/blxselect.c:245:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(array(names, items, char*), text);
data/acedb-4.9.39+dfsg.02/w9/blxselect.c:338:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(usage, "%s%s, compiled %s\n", usageText, blixelectVersion, cc_date);
data/acedb-4.9.39+dfsg.02/w9/blxselect.c:342:12: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
case 'q': strcpy(EXT, optarg); break;
data/acedb-4.9.39+dfsg.02/w9/blxselect.c:343:12: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
case 's': strcpy(SEQEXT, optarg); break;
data/acedb-4.9.39+dfsg.02/w9/blxselect.c:351:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(list, argv[argc-1]);
data/acedb-4.9.39+dfsg.02/w9/blxview.c:926:3: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(messprintf("%s %s%s&", browser, URL, msp->sname));
data/acedb-4.9.39+dfsg.02/w9/blxview.c:977:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(HighlightSeq, msp->sname);
data/acedb-4.9.39+dfsg.02/w9/blxview.c:985:32: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (bpmsp && *bpmsp->sname) strcpy(HighlightSeq, bpmsp->sname);
data/acedb-4.9.39+dfsg.02/w9/blxview.c:1031:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dest->qframe, src->qframe);
data/acedb-4.9.39+dfsg.02/w9/blxview.c:1036:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dest->sframe, src->sframe);
data/acedb-4.9.39+dfsg.02/w9/blxview.c:1854:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(HighlightSeq, MSPlist->sname);
data/acedb-4.9.39+dfsg.02/w9/blxview.c:1968:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(bpmsp->sname, msp->sname);
data/acedb-4.9.39+dfsg.02/w9/blxview.c:2742:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(text, messprintf(" %9d", (compN ? msp->send : msp->sstart)));
data/acedb-4.9.39+dfsg.02/w9/blxview.c:3209:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(query, auxseq);
data/acedb-4.9.39+dfsg.02/w9/blxview.c:3330:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(result, seq_buf) ;
data/acedb-4.9.39+dfsg.02/w9/blxview.c:3390:23: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (!(pipe = (FILE*)popen(fetchstr, "r")))
data/acedb-4.9.39+dfsg.02/w9/blxview.c:3414:27: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (!(pipe = (FILE*)popen(fetchstr, "r")))
data/acedb-4.9.39+dfsg.02/w9/blxview.c:3720:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message, "%s: %d No subject picked", queryname, qpos + qoffset);
data/acedb-4.9.39+dfsg.02/w9/blxview.c:3771:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message, "%s: %d ", queryname, qpos + qoffset);
data/acedb-4.9.39+dfsg.02/w9/blxview.c:3778:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(message, messprintf("%s: %d", pickedMSP->sname, spos));
data/acedb-4.9.39+dfsg.02/w9/blxview.c:4166:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dottersseq, msp->sseq);
data/acedb-4.9.39+dfsg.02/w9/blxview.c:4297:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dottersseq, queryseq);
data/acedb-4.9.39+dfsg.02/w9/blxview.c:4959:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp, text) ;
data/acedb-4.9.39+dfsg.02/w9/blxview.c:5012:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "pfetch --client=acedb_%s_%s -F '%s' &",
data/acedb-4.9.39+dfsg.02/w9/blxview.c:5014:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(title, "pfetch: %s", msp->sname);
data/acedb-4.9.39+dfsg.02/w9/blxview.c:5069:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
result = strcpy(result, text) ;
data/acedb-4.9.39+dfsg.02/w9/blxview.c:5085:16: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
result = strcat(result, abbrev) ;
data/acedb-4.9.39+dfsg.02/w9/blxview.c:5087:16: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
result = strcat(result, tail_ptr) ;
data/acedb-4.9.39+dfsg.02/w9/dbidx.c:71:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, format, ap);
data/acedb-4.9.39+dfsg.02/w9/dbidx.c:320:4: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(buff, "%s%s", junk, ACnr);
data/acedb-4.9.39+dfsg.02/w9/dbidx.c:328:34: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if ( !strncmp(buff, "//", 2) ) strcpy( ACnr, rec->entry_name );
data/acedb-4.9.39+dfsg.02/w9/dbidx.c:348:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( &TITLEline[strlen(TITLEline) - 1], &buff[16] );
data/acedb-4.9.39+dfsg.02/w9/dbidx.c:392:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(buff, "%s%s", junk, ACnr);
data/acedb-4.9.39+dfsg.02/w9/diskdump.c:63:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename,"%s/database/block1.wrm", getenv("ACEDB")) ;
data/acedb-4.9.39+dfsg.02/w9/diskfix.c:67:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (filename, "%s/database/blocks.wrm", getenv("ACEDB")) ;
data/acedb-4.9.39+dfsg.02/w9/dotter.c:511:5: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf(format, ap);
data/acedb-4.9.39+dfsg.02/w9/dotter.c:2418:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(CrosshairPosText, "%s, %s", qpos, spos);
data/acedb-4.9.39+dfsg.02/w9/dotter.c:2543:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(path, getenv("PATH"));
data/acedb-4.9.39+dfsg.02/w9/dotter.c:2546:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(file, path);
data/acedb-4.9.39+dfsg.02/w9/dotter.c:2548:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(file, command);
data/acedb-4.9.39+dfsg.02/w9/dotter.c:2549:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access(file, F_OK) && !access(file, X_OK)) {
data/acedb-4.9.39+dfsg.02/w9/dotter.c:2549:30: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access(file, F_OK) && !access(file, X_OK)) {
data/acedb-4.9.39+dfsg.02/w9/dotter.c:2558:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(retstr, file);
data/acedb-4.9.39+dfsg.02/w9/dotter.c:2620:20: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
pipe = (FILE *)popen(messprintf("/bin/csh -cf \"%s -z %d -q %d -s %d -S '%s' %d '%s' %d %s %s\"",
data/acedb-4.9.39+dfsg.02/w9/dotter.c:2906:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(CrosshairPosText, "%s, %s", qpos, spos);
data/acedb-4.9.39+dfsg.02/w9/dotter.c:3049:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(banner, "%s (horizontal) vs. %s (vertical)", qname, sname);
data/acedb-4.9.39+dfsg.02/w9/dotter.c:3199:45: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
qname = messalloc(strlen(queryname)+1); strcpy(qname, queryname);
data/acedb-4.9.39+dfsg.02/w9/dotter.c:3203:47: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
sname = messalloc(strlen(subjectname)+1); strcpy(sname, subjectname);
data/acedb-4.9.39+dfsg.02/w9/dotter.c:3420:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(v[*argc], s);
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:48:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dest, src);
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:113:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(msp->qname, name);
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:116:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(msp->desc, desc);
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:231:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(usage, "%s%s, compiled %s\n", usageText, dotterVersion, cc_date);
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:249:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(savefile, optarg); break;
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:254:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(FSfilename, optarg); break;
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:258:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(FSfilename, optarg); break;
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:263:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(loadfile, optarg); break;
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:266:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mtxfile, optarg); break;
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:280:49: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
qname = messalloc(strlen(argv[optind])+1); strcpy(qname, argv[optind]);
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:282:51: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
sname = messalloc(strlen(argv[optind+2])+1); strcpy(sname, argv[optind+2]);
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:285:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dotterBinary, argv[optind+4]);
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:289:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(winsize, optarg); break;
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:312:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(Xoptions, argv[i]);
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:422:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(firstdesc, cq);
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:434:44: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
qname = messalloc(strlen(qfilename)+1); strcpy(qname, qfilename);
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:463:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(firstdesc, cq);
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:475:44: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
sname = messalloc(strlen(sfilename)+1); strcpy(sname, sfilename);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:47:32: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (env = getenv("SWDIR")) strcpy(dbdir, env);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:48:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy(dbdir, DEFAULT_SWDIR);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:53:33: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (env = getenv("PIRDIR")) strcpy(dbdir, env);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:54:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy(dbdir, DEFAULT_PIRDIR);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:59:34: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (env = getenv("WORMDIR")) strcpy(dbdir, env);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:60:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy(dbdir, DEFAULT_WORMDIR);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:66:34: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (env = getenv("EMBLDIR")) strcpy(dbdir, env);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:67:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy(dbdir, DEFAULT_EMBLDIR);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:72:32: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (env = getenv("GBDIR")) strcpy(dbdir, env);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:73:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy(dbdir, DEFAULT_GBDIR);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:78:36: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (env = getenv("PRODOMDIR")) strcpy(dbdir, env);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:79:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy(dbdir, DEFAULT_PRODOMDIR);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:84:37: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (env = getenv("PROSITEDIR")) strcpy(dbdir, env);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:85:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy(dbdir, DEFAULT_PROSITEDIR);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:197:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(help, helpText);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:210:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dbsource, optarg); break;
data/acedb-4.9.39+dfsg.02/w9/efetch.c:251:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(help, helpText);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:299:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(usage, usageText);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:310:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy(query, argv[argc - 1]);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:339:34: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (env = getenv("DBDIR")) strcpy(dbdir, env);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:344:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dbprefix, query);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:361:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(query, tmpstr+1);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:382:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dbdir, env);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:406:14: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (env) strcpy(idxfile, env);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:407:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
else sprintf(idxfile, "%s%s", dbdir, DEFAULT_IDXFILE);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:419:22: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (env != NULL) strcpy(divfile, env);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:420:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
else sprintf(divfile, "%s%s", dbdir, DEFAULT_DIVFILE);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:436:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(actrgfile, "%s%s", dbdir, DEFAULT_ACTRGFILE);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:450:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(achitfile, "%s%s", dbdir, DEFAULT_ACHITFILE);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:533:22: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (env != NULL) strcpy(dbfile, env);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:537:25: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (file != NULL) sprintf(dbfile, "%s%s", dbdir, file);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:540:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(dbfile, "%s%s", dbdir, DEFAULT_DBFILE);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:581:8: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(fetchstr, cp);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:583:8: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(fetchstr);
data/acedb-4.9.39+dfsg.02/w9/embl.c:259:8: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (dumpFile, cp) ;
data/acedb-4.9.39+dfsg.02/w9/embl.c:1308:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (dumpFile, cp, name(seq)) ;
data/acedb-4.9.39+dfsg.02/w9/embl.c:1310:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (dumpFile, name(seq)) ;
data/acedb-4.9.39+dfsg.02/w9/embl.c:1407:8: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (dumpFile, cp) ;
data/acedb-4.9.39+dfsg.02/w9/embl.c:1422:8: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (dumpFile, cp) ;
data/acedb-4.9.39+dfsg.02/w9/fetch.c:43:32: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (env = getenv("SWDIR")) strcpy(dbdir, env);
data/acedb-4.9.39+dfsg.02/w9/fetch.c:44:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy(dbdir, DEFAULT_SWDIR);
data/acedb-4.9.39+dfsg.02/w9/fetch.c:49:33: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (env = getenv("PIRDIR")) strcpy(dbdir, env);
data/acedb-4.9.39+dfsg.02/w9/fetch.c:50:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy(dbdir, DEFAULT_PIRDIR);
data/acedb-4.9.39+dfsg.02/w9/fetch.c:55:34: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (env = getenv("WORMDIR")) strcpy(dbdir, env);
data/acedb-4.9.39+dfsg.02/w9/fetch.c:56:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy(dbdir, DEFAULT_WORMDIR);
data/acedb-4.9.39+dfsg.02/w9/fetch.c:63:34: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (env = getenv("EMBLDIR")) strcpy(dbdir, env);
data/acedb-4.9.39+dfsg.02/w9/fetch.c:64:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy(dbdir, DEFAULT_EMBLDIR);
data/acedb-4.9.39+dfsg.02/w9/fetch.c:69:32: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (env = getenv("GBDIR")) strcpy(dbdir, env);
data/acedb-4.9.39+dfsg.02/w9/fetch.c:70:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy(dbdir, DEFAULT_GBDIR);
data/acedb-4.9.39+dfsg.02/w9/fetch.c:75:36: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (env = getenv("PRODOMDIR")) strcpy(dbdir, env);
data/acedb-4.9.39+dfsg.02/w9/fetch.c:76:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy(dbdir, DEFAULT_PRODOMDIR);
data/acedb-4.9.39+dfsg.02/w9/fetch.c:83:37: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (env = getenv("PROSITEDIR")) strcpy(dbdir, env);
data/acedb-4.9.39+dfsg.02/w9/fetch.c:84:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy(dbdir, DEFAULT_PROSITEDIR);
data/acedb-4.9.39+dfsg.02/w9/fetch.c:152:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dbsource, optarg); break;
data/acedb-4.9.39+dfsg.02/w9/fetch.c:162:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(idxfile, optarg); break;
data/acedb-4.9.39+dfsg.02/w9/fetch.c:167:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dbdir, optarg); break;
data/acedb-4.9.39+dfsg.02/w9/fetch.c:169:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dbfile, optarg); break;
data/acedb-4.9.39+dfsg.02/w9/fetch.c:190:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(divfile, optarg); break;
data/acedb-4.9.39+dfsg.02/w9/fetch.c:207:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(customName, optarg); break;
data/acedb-4.9.39+dfsg.02/w9/fetch.c:216:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy(query, argv[argc - 1]);
data/acedb-4.9.39+dfsg.02/w9/fetch.c:240:34: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (env = getenv("DBDIR")) strcpy(dbdir, env);
data/acedb-4.9.39+dfsg.02/w9/fetch.c:245:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dbprefix, query);
data/acedb-4.9.39+dfsg.02/w9/fetch.c:262:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(query, tmpstr+1);
data/acedb-4.9.39+dfsg.02/w9/fetch.c:283:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dbdir, env);
data/acedb-4.9.39+dfsg.02/w9/fetch.c:307:14: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (env) strcpy(idxfile, env);
data/acedb-4.9.39+dfsg.02/w9/fetch.c:308:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
else sprintf(idxfile, "%s%s", dbdir, DEFAULT_IDXFILE);
data/acedb-4.9.39+dfsg.02/w9/fetch.c:320:22: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (env != NULL) strcpy(divfile, env);
data/acedb-4.9.39+dfsg.02/w9/fetch.c:321:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
else sprintf(divfile, "%s%s", dbdir, DEFAULT_DIVFILE);
data/acedb-4.9.39+dfsg.02/w9/fetch.c:337:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(actrgfile, "%s%s", dbdir, DEFAULT_ACTRGFILE);
data/acedb-4.9.39+dfsg.02/w9/fetch.c:351:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(achitfile, "%s%s", dbdir, DEFAULT_ACHITFILE);
data/acedb-4.9.39+dfsg.02/w9/fetch.c:434:22: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (env != NULL) strcpy(dbfile, env);
data/acedb-4.9.39+dfsg.02/w9/fetch.c:438:25: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (file != NULL) sprintf(dbfile, "%s%s", dbdir, file);
data/acedb-4.9.39+dfsg.02/w9/fetch.c:441:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(dbfile, "%s%s", dbdir, DEFAULT_DBFILE);
data/acedb-4.9.39+dfsg.02/w9/gfcode.c:462:17: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
while (EOF != fscanf(fp,"%s",string)) {
data/acedb-4.9.39+dfsg.02/w9/gfcode.c:466:42: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
else if(!strcmp(string,"siteType:")) fscanf(fp,"%s",table->siteType);
data/acedb-4.9.39+dfsg.02/w9/gfcode.c:467:41: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
else if(!strcmp(string,"refSeqs:")) fscanf(fp,"%s",table->refSeqs);
data/acedb-4.9.39+dfsg.02/w9/gfcode.c:468:42: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
else if(!strcmp(string,"freqType:")) fscanf(fp,"%s",table->freqType);
data/acedb-4.9.39+dfsg.02/w9/gfcode.c:469:42: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
else if(!strcmp(string,"classDef:")) fscanf(fp,"%s",table->classDef);
data/acedb-4.9.39+dfsg.02/w9/gfcode.c:484:2: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
fscanf(fp,"%s",string2);
data/acedb-4.9.39+dfsg.02/w9/gfcode.c:486:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(string,string2);
data/acedb-4.9.39+dfsg.02/w9/gfcode.c:842:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (seq->name, name) ;
data/acedb-4.9.39+dfsg.02/w9/gfcode.c:1031:10: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
while (fscanf(fp,"%s ",fileName) != EOF)
data/acedb-4.9.39+dfsg.02/w9/gfcode.c:1086:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( lastFileName, fileName );
data/acedb-4.9.39+dfsg.02/w9/gmapdata.c:708:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (buf, messprintf ("%s moved %f to %f\n",
data/acedb-4.9.39+dfsg.02/w9/gmapdatacol.c:157:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (look->messageText, name(gene_key)) ;
data/acedb-4.9.39+dfsg.02/w9/gmapdatacol.c:160:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (look->messageText, name(gene_key)) ;
data/acedb-4.9.39+dfsg.02/w9/gmapdatacol.c:165:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (look->messageText,
data/acedb-4.9.39+dfsg.02/w9/gmapdatacol.c:465:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (buf, messprintf (" %d", *p)) ;
data/acedb-4.9.39+dfsg.02/w9/gmapdatacol.c:467:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (buf, messprintf (" %.2f %.2f",
data/acedb-4.9.39+dfsg.02/w9/gmapdatacol.c:472:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (buf, messprintf (": %.2f", (y1>y2) ? (y1-y2) : (y2-y1))) ;
data/acedb-4.9.39+dfsg.02/w9/gmapphys.c:249:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(look->messageText, messprintf(" %.2f", seg->x));
data/acedb-4.9.39+dfsg.02/w9/gmapphys.c:250:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(look->messageText, messprintf(" interpolated"));
data/acedb-4.9.39+dfsg.02/w9/gmapphys.c:466:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(look->messageText,
data/acedb-4.9.39+dfsg.02/w9/gmapphys.c:469:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(look->messageText,
data/acedb-4.9.39+dfsg.02/w9/hexcode.c:57:24: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define messerror(x,y) fprintf(stderr,x,y)
data/acedb-4.9.39+dfsg.02/w9/readseq.c:215:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (matdirname, getenv ("BLASTMAT")) ;
data/acedb-4.9.39+dfsg.02/w9/readseq.c:218:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (fullname, matdirname) ;
data/acedb-4.9.39+dfsg.02/w9/readseq.c:219:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (fullname, name) ;
data/acedb-4.9.39+dfsg.02/w9/translate.c:95:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(aaptr, code[codon]);
data/acedb-4.9.39+dfsg.02/w9/vmapdata2.c:1389:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (look->messageText, name(dataKey)) ;
data/acedb-4.9.39+dfsg.02/w9/vmapdata2.c:1391:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (look->messageText, name(arr(loci,0,KEY))) ;
data/acedb-4.9.39+dfsg.02/w9/vmapdata2.c:1393:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (look->messageText, messprintf (" %d %s",
data/acedb-4.9.39+dfsg.02/w9/vmapdata2.c:1845:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (buf, messprintf (" %d", arr(counts, i, int))) ;
data/acedb-4.9.39+dfsg.02/w9/vmapdata2.c:1847:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (buf, messprintf (" %.2f %.2f",
data/acedb-4.9.39+dfsg.02/w9/vmapdata2.c:1851:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (buf, messprintf (": %.2f", (y1>y2) ? (y1-y2) : (y2-y1))) ;
data/acedb-4.9.39+dfsg.02/wabi/basecall.c:3706:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
{ strcpy (buf, name(*kp)) ;
data/acedb-4.9.39+dfsg.02/wabi/basecall.c:3715:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
{ strcpy (buf1, name(*kp1)) ;
data/acedb-4.9.39+dfsg.02/wabi/fmaptrace.c:3388:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (com, "%s%s%s%s%s%s",
data/acedb-4.9.39+dfsg.02/wabi/fmaptrace.c:3396:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (com, "%s%s%s%s%s%s",
data/acedb-4.9.39+dfsg.02/wabi/fmaptrace.c:3438:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf,
data/acedb-4.9.39+dfsg.02/wabi/fmaptrace.c:3450:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf,
data/acedb-4.9.39+dfsg.02/wabi/fmaptrace.c:3605:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "Save_as %s\n", nm) ;
data/acedb-4.9.39+dfsg.02/wabi/fmaptrace.c:3721:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "load -active\nget 30\nsort\nassemble 12\nsave %s\n", nm) ;
data/acedb-4.9.39+dfsg.02/wabi/fmaptrace.c:3805:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "Get 20\nSort 100\nAssemble %d\nFix\nSave %s\n", taux, nm) ;
data/acedb-4.9.39+dfsg.02/wabi/geneannot.c:625:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (seg->buf, name(cosmid)) ;
data/acedb-4.9.39+dfsg.02/wabi/geneannot.c:626:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (seg->buf2, messprintf("%d", a1)) ;
data/acedb-4.9.39+dfsg.02/wabi/geneannot.c:630:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (seg2->buf, name(cosmid)) ;
data/acedb-4.9.39+dfsg.02/wabi/geneannot.c:631:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (seg2->buf2, messprintf("%d", a2)) ;
data/acedb-4.9.39+dfsg.02/wabi/geneannot.c:717:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (seg->buf, cr) ;
data/acedb-4.9.39+dfsg.02/wabi/geneannot.c:724:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (seg->buf2, cr) ;
data/acedb-4.9.39+dfsg.02/wabi/geneannot.c:791:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (seg->buf2, messprintf("%d bp", len)) ;
data/acedb-4.9.39+dfsg.02/wabi/geneannot.c:836:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (seg->buf, cq) ;
data/acedb-4.9.39+dfsg.02/wabi/intron2.c:2194:9: [4] (buffer) scanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
scanf("%s",rep);
data/acedb-4.9.39+dfsg.02/wabi/intron2.c:2363:7: [4] (buffer) scanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
scanf("%s",rep);
data/acedb-4.9.39+dfsg.02/wac/acclient.c:1167:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (0) sprintf (command, "query find %s IS %s\nlist -C", new_class, new_name ) ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:1168:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
else sprintf (command, "query find %s IS %s", new_class, new_name ) ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:1603:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (command, "aql -C %s", query) ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:1658:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (command, "table %s -C -n %s %s", fa, query, params) ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:1661:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (command, "table %s -C -f %s %s", fa, query, params) ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:1667:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (command, "table %s -C =%s %s", fa, query, params) ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:1838:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buff, "%s" , query) ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:1840:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buff, "query %s" , query) ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:2515:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (command, "keyset-read %s" , name) ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:2554:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (command, "list -a -f %s", name) ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:2805:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (s, text) ;
data/acedb-4.9.39+dfsg.02/wac/acclient_socket.c:126:10: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n = sscanf(b,"%s%s%s",f_host, f_port, f_user);
data/acedb-4.9.39+dfsg.02/wac/acclient_socket_lib.c:324:1: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(connection->last_errmsg, msg1);
data/acedb-4.9.39+dfsg.02/wac/acclient_socket_lib.c:326:1: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(connection->last_errmsg, msg1);
data/acedb-4.9.39+dfsg.02/wac/acclient_socket_lib.c:376:79: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
static AceConnStatus accessSocket(AceConnection connection, AceConnSockAccess access) ;
data/acedb-4.9.39+dfsg.02/wac/acclient_socket_lib.c:398:79: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
static AceConnStatus selectSocket(AceConnection connection, AceConnSockAccess access) ;
data/acedb-4.9.39+dfsg.02/wac/acclient_socket_lib.c:521:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(request, "%s %s", connection->userid, hash_nonce) ;
data/acedb-4.9.39+dfsg.02/wac/acclient_socket_lib.c:643:79: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
static AceConnStatus accessSocket(AceConnection connection, AceConnSockAccess access)
data/acedb-4.9.39+dfsg.02/wac/acclient_socket_lib.c:652:46: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if ((status = selectSocket(connection, access)) != ACECONN_OK)
data/acedb-4.9.39+dfsg.02/wac/acclient_socket_lib.c:1173:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (strcpy(buffer, msgType) == NULL)
data/acedb-4.9.39+dfsg.02/wac/acclient_socket_lib.c:1176:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buffer, msgType) ;
data/acedb-4.9.39+dfsg.02/wac/acclient_socket_lib.c:1207:79: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
static AceConnStatus selectSocket(AceConnection connection, AceConnSockAccess access)
data/acedb-4.9.39+dfsg.02/wac/accmd.c:63:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(prompt,"acedb@%s>",dbname);
data/acedb-4.9.39+dfsg.02/wac/acctest.c:61:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(b,"-%s-", ac_table_printable(t,x,y,""));
data/acedb-4.9.39+dfsg.02/wac/acinside.c:698:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "Find %s IS \"%s\"", class, nam) ;
data/acedb-4.9.39+dfsg.02/wac/acinside.c:704:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cp, "Find %s IS \"%s\"", class, nam) ;
data/acedb-4.9.39+dfsg.02/wac/acinside.c:1345:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cq, "%s\n", cp) ; /* \n replaces one or more zero, so we do not go over size */
data/acedb-4.9.39+dfsg.02/wace/acediff.c:469:3: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system ("sort -u -T . +1 tempA1 -o tempA2") ;
data/acedb-4.9.39+dfsg.02/wace/acediff.c:477:3: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system ("sort -u -T . +1 tempB1 -o tempB2") ;
data/acedb-4.9.39+dfsg.02/wace/acediff.c:499:7: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (system ("sort -T . +1 -3 +0 -1 tempC1 -o tempC2") != 0)
data/acedb-4.9.39+dfsg.02/wace/acesubs.c:51:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (ww[nfield],cp) ;
data/acedb-4.9.39+dfsg.02/wace/acesubs.c:222:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newlexname, name);
data/acedb-4.9.39+dfsg.02/wace/pmapace.c:95:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (cloneName[kclone++],&buffer[3]) ;
data/acedb-4.9.39+dfsg.02/wace/pmapace2.c:81:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (cloneName[kclone++],&buffer[3]) ;
data/acedb-4.9.39+dfsg.02/waql/aqlcheck.c:175:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (cws, cp);
data/acedb-4.9.39+dfsg.02/waql/aqlerror.c:80:3: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf (aql->errorMessage, format, args) ;
data/acedb-4.9.39+dfsg.02/waql/aqlerror.c:98:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (aql->errorReport,
data/acedb-4.9.39+dfsg.02/waql/aqlerror.c:125:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (aql->errorReport, startLine);
data/acedb-4.9.39+dfsg.02/waql/aqlrun.c:729:25: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(sortSpecString,
data/acedb-4.9.39+dfsg.02/waql/aqlrun.c:736:29: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(sortSpecString,
data/acedb-4.9.39+dfsg.02/waql/aqlrun.c:740:29: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(sortSpecString,
data/acedb-4.9.39+dfsg.02/wdce/client.c:61:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( outbuf, lpszString );
data/acedb-4.9.39+dfsg.02/wdce/dceclientlib.c:130:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lpSvr->lpszServerStringBinding,szServerStringBinding) ;
data/acedb-4.9.39+dfsg.02/wdce/dceclientlib.c:190:4: [4] (buffer) _mbscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
_mbscpy( *pAnswer, *pReponse ) ;
data/acedb-4.9.39+dfsg.02/wdce/dceclientlib.c:835:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(answer,loop);
data/acedb-4.9.39+dfsg.02/wdce/dceclientlib.c:841:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
{ strcat(answer,loop);
data/acedb-4.9.39+dfsg.02/wdce/dceserverlib.c:207:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cp, "%s%d%s\n%s\n",
data/acedb-4.9.39+dfsg.02/wdce/dceserverlib.cpp:408:21: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cp, "%s%d%s\n%s\n",
data/acedb-4.9.39+dfsg.02/wdce/serviceregistrypp.cpp:256:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ppathnameBuf, m_AceServer_Pathname) ;
data/acedb-4.9.39+dfsg.02/wgd/gd2gif.c:17:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (buf, argv[1]) ;
data/acedb-4.9.39+dfsg.02/wgd/gd2gif.c:28:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (buf, argv[1]) ;
data/acedb-4.9.39+dfsg.02/wgnbk/gnbk.c:545:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(stackText (hp,0)) ;
data/acedb-4.9.39+dfsg.02/wgnbk/gnbkserver.c:120:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (buf, masterFile) ;
data/acedb-4.9.39+dfsg.02/wgnbk/gnbkserver.c:208:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(argv[n++],"%s",dummy) == 1 &&
data/acedb-4.9.39+dfsg.02/wgnbk/gnbkserver.c:218:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(argv[n++],"%s",dummy) == 1 &&
data/acedb-4.9.39+dfsg.02/wgnbk/rpcgnbk_sp.c:107:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cp, "%s%d%s\n%s\n",
data/acedb-4.9.39+dfsg.02/wh/dbidx.h:79:16: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(),
data/acedb-4.9.39+dfsg.02/wh/dbidx.h:81:16: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(),
data/acedb-4.9.39+dfsg.02/wh/dbidx.h:82:16: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(),
data/acedb-4.9.39+dfsg.02/wh/dbidx.h:88:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
extern char *strcpy(char*, char*),
data/acedb-4.9.39+dfsg.02/wh/igdevent.h:225:14: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
extern int execvp PROTO(( char *path, char *argv[]));
data/acedb-4.9.39+dfsg.02/wh/igdevent.h:233:14: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
extern void printf VPROTO((char *fmt, ...));
data/acedb-4.9.39+dfsg.02/wh/igdevent.h:235:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
char * strcpy (char *dest, const char *src);
data/acedb-4.9.39+dfsg.02/wh/mystdlib.h:261:9: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
#define popen _popen
data/acedb-4.9.39+dfsg.02/wh/mystdlib.h:366:10: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
int system (const char *command);
data/acedb-4.9.39+dfsg.02/wh/mystdlib.h:415:6: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
int vfprintf (FILE *stream, const char *format, va_list arglist);
data/acedb-4.9.39+dfsg.02/wh/mystdlib.h:416:6: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
int vprintf (const char *format, va_list arglist);
data/acedb-4.9.39+dfsg.02/wh/mystdlib.h:420:8: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
char *vsprintf (char *buffer, const char *format, va_list arglist);
data/acedb-4.9.39+dfsg.02/wh/mystdlib.h:423:6: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
int vsprintf (char *buffer, const char *format, va_list arglist);
data/acedb-4.9.39+dfsg.02/wh/mystdlib.h:435:11: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
int fprintf (FILE *stream, const char *format, ...);
data/acedb-4.9.39+dfsg.02/wh/mystdlib.h:436:11: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
int fscanf (FILE *stream, const char *format, ...);
data/acedb-4.9.39+dfsg.02/wh/mystdlib.h:437:11: [4] (buffer) scanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
int scanf (const char *format, ...);
data/acedb-4.9.39+dfsg.02/wh/mystdlib.h:438:11: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
int printf (const char *format, ...);
data/acedb-4.9.39+dfsg.02/wh/mystdlib.h:439:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
int sscanf (const char *buffer, const char *format, ...);
data/acedb-4.9.39+dfsg.02/wh/mystdlib.h:452:12: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
FILE *popen (const char *command, const char *type);
data/acedb-4.9.39+dfsg.02/whooks/class.c:161:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cp1, cp);
data/acedb-4.9.39+dfsg.02/whooks/sysclass.c:587:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (buf, cp) ;
data/acedb-4.9.39+dfsg.02/win32/startace.c:171:7: [4] (shell) execv:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execv(ace, &bareargv);
data/acedb-4.9.39+dfsg.02/win32/startace.c:184:7: [4] (shell) execv:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execv(rxvt, &rxvtargv);
data/acedb-4.9.39+dfsg.02/win32/winaceshell.c:39:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(args, argv[i]);
data/acedb-4.9.39+dfsg.02/win32/winaceshell.c:50:3: [4] (shell) ShellExecute:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
ShellExecute(0, "open", path, args, cwd, 0);
data/acedb-4.9.39+dfsg.02/wjo/o2m.c:1131:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (ox->message2Text, messprintf ("%s ", name (hit))) ;
data/acedb-4.9.39+dfsg.02/wjo/o2m.c:1132:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (ox->message2Text,
data/acedb-4.9.39+dfsg.02/wjo/pairmapdisp.c:1100:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (ox->messageText, messprintf ("%s ", name (hit))) ;
data/acedb-4.9.39+dfsg.02/wjo/pairmapdisp.c:1101:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (ox->messageText, messprintf ("between %s and %s", name (key1), name (key2))) ;
data/acedb-4.9.39+dfsg.02/wjo/specg.c:264:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (ox->message3Text, messprintf ("%s ", name (hit))) ;
data/acedb-4.9.39+dfsg.02/wjo/specg.c:265:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (ox->message3Text, messprintf ("between %s and %s", name (key1), name (key2))) ;
data/acedb-4.9.39+dfsg.02/wnq/acelibtest.c:64:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (stderr, aceErrorMessage(0)) ;
data/acedb-4.9.39+dfsg.02/wnq/table.c:457:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (stackText(t->s, 0), t->type) ;
data/acedb-4.9.39+dfsg.02/wrpc/aceclientlib.c:535:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(answer,loop);
data/acedb-4.9.39+dfsg.02/wrpc/aceclientlib.c:541:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
{ strcat(answer,loop);
data/acedb-4.9.39+dfsg.02/wrpc/aceserver.c:484:18: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (debug) fprintf(stderr, stackText(s,0)) ;
data/acedb-4.9.39+dfsg.02/wrpc/aceserver.c:707:9: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
f = popen(messprintf("cd %s ; tar chf - %s %s | uuencode server.wspec.tar",
data/acedb-4.9.39+dfsg.02/wrpc/aceserver.c:711:9: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
f = popen(messprintf("cd %s ; tar chf - %s %s",
data/acedb-4.9.39+dfsg.02/wrpc/aceserver.c:849:7: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
{ fprintf (out, usage) ;
data/acedb-4.9.39+dfsg.02/wrpc/aceserver.c:850:7: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (stderr, usage) ;
data/acedb-4.9.39+dfsg.02/wrpc/acesyb.c:407:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(to->data.textData, from->data.textData);
data/acedb-4.9.39+dfsg.02/wrpc/acesybase.c:142:19: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(np->data.textData, bs->bt->cp);
data/acedb-4.9.39+dfsg.02/wrpc/jade2ace.c:316:16: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (2 == sscanf((char*)answer,"// %s is a sub class of %[a-zA-Z_0-9]",subclass,superclass)) {
data/acedb-4.9.39+dfsg.02/wrpc/jade2ace.c:317:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message,"%s is the superclass for %s",superclass,subclass);
data/acedb-4.9.39+dfsg.02/wrpc/jade2ace.c:373:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message,"Error getting temp file name: %s", messSysErrorText()) ;
data/acedb-4.9.39+dfsg.02/wrpc/jade2ace.c:381:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message,"Error creating temp table file \"%s\": %s", tempName, messSysErrorText()) ;
data/acedb-4.9.39+dfsg.02/wrpc/jade2ace.c:399:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message,"table -j %s",tempName);
data/acedb-4.9.39+dfsg.02/wrpc/jade2ace.c:426:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message,"%s is currently unimplemented",command);
data/acedb-4.9.39+dfsg.02/wrpc/jade2ace.c:502:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(message,data);
data/acedb-4.9.39+dfsg.02/wrpc/jadeserver.c:103:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
{ printf(text) ;
data/acedb-4.9.39+dfsg.02/wrpc/jadeserver.c:360:16: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (2 == sscanf((char*)answer,"// %s is a sub class of %[a-zA-Z_0-9]",subclass,superclass)) {
data/acedb-4.9.39+dfsg.02/wrpc/jadeserver.c:361:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message,"%s is the superclass for %s",superclass,subclass);
data/acedb-4.9.39+dfsg.02/wrpc/jadeserver.c:400:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message,"Error getting temp file name: %s",
data/acedb-4.9.39+dfsg.02/wrpc/jadeserver.c:409:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message,"Error creating temp table file \"%s\":%s",
data/acedb-4.9.39+dfsg.02/wrpc/jadeserver.c:428:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message,"table -j %s",tempName);
data/acedb-4.9.39+dfsg.02/wrpc/jadeserver.c:455:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message,"%s is currently unimplemented",command);
data/acedb-4.9.39+dfsg.02/wrpc/jadeserver.c:524:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(message,data);
data/acedb-4.9.39+dfsg.02/wrpc/rpcace_sp.c:134:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cp, "%s%d%s\n%s\n",
data/acedb-4.9.39+dfsg.02/wrpc/xclient.c:596:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, stackText(sr,0)) ;
data/acedb-4.9.39+dfsg.02/wrpc/xclient.c:687:4: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(messprintf("touch %s.done ; cat %s >> %s.done",
data/acedb-4.9.39+dfsg.02/wsocket/saceclient.c:899:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(start) ;
data/acedb-4.9.39+dfsg.02/wsocket/sclient.c:269:12: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (!strcpy(tmp, *cp))
data/acedb-4.9.39+dfsg.02/wsocket/sclient.c:273:30: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (!strcat(tmp, " ") || !strcat(tmp, answers[i]))
data/acedb-4.9.39+dfsg.02/wsocket/sclient.c:279:30: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (!strcat(tmp, " ") || !strcat(tmp, passwd_str))
data/acedb-4.9.39+dfsg.02/wsocket/sclient.c:366:12: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (!strcpy(tmp, *cp))
data/acedb-4.9.39+dfsg.02/wsocket/sclient.c:370:30: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (!strcat(tmp, " ") || !strcat(tmp, answers[i]))
data/acedb-4.9.39+dfsg.02/wsocket/sclientlib.c:372:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(phrase, words[0]) ;
data/acedb-4.9.39+dfsg.02/wsocket/sclientlib.c:376:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(phrase, words[i]) ;
data/acedb-4.9.39+dfsg.02/wsocket/serverace.c:1100:9: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
f = popen(messprintf("cd %s ; tar chf - %s %s | uuencode server.wspec.tar",
data/acedb-4.9.39+dfsg.02/wsocket/serverace.c:1104:9: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
f = popen(messprintf("cd %s ; tar chf - %s %s",
data/acedb-4.9.39+dfsg.02/wsocket/serveracepasswd.c:184:12: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (strcpy(array(contents, i, char*), perm_type) == NULL
data/acedb-4.9.39+dfsg.02/wsocket/serveracepasswd.c:186:8: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
|| strcat(array(contents, i, char*), perm_level) == NULL)
data/acedb-4.9.39+dfsg.02/wsocket/serveracepasswd.c:1102:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (strcpy(backup_name, file_path) == NULL
data/acedb-4.9.39+dfsg.02/wsocket/serveracepasswd.c:1103:10: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
|| strcat(backup_name, backup_ext) == NULL)
data/acedb-4.9.39+dfsg.02/wsocket/serveracepasswd.c:1149:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (strcpy(array(passwd_entries, i, char*), userid) == NULL
data/acedb-4.9.39+dfsg.02/wsocket/serveracepasswd.c:1151:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
|| strcat(array(passwd_entries, i, char*), hash) == NULL)
data/acedb-4.9.39+dfsg.02/wsocket/serveracepasswd.c:1186:12: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (strcpy(array(passwd_entries, i, char*), userid) == NULL
data/acedb-4.9.39+dfsg.02/wsocket/serveracepasswd.c:1188:8: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
|| strcat(array(passwd_entries, i, char*), hash) == NULL)
data/acedb-4.9.39+dfsg.02/wsocket/serveracepasswd.c:1304:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (strcpy(array(passwd_entries, i, char*), array(words, j, char*)) == NULL)
data/acedb-4.9.39+dfsg.02/wsocket/serveracepasswd.c:1312:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
|| strcat(array(passwd_entries, i, char*), array(words, j, char*)) == NULL)
data/acedb-4.9.39+dfsg.02/wsocket/serveracepasswd.c:1386:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (strcpy(array(passwd_entries, i, char*), tmp) == NULL
data/acedb-4.9.39+dfsg.02/wsocket/serveracepasswd.c:1388:12: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
|| strcat(array(passwd_entries, i, char*), userid) == NULL)
data/acedb-4.9.39+dfsg.02/wsocket/serverclientutils.c:123:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (strcpy(buffer, msgType) == NULL)
data/acedb-4.9.39+dfsg.02/wsocket/sxclient.c:624:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, stackText(sr,0)) ;
data/acedb-4.9.39+dfsg.02/wsocket/sxclient.c:715:4: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(messprintf("touch %s.done ; cat %s >> %s.done",
data/acedb-4.9.39+dfsg.02/wstaden/Read.c:182:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(read->trace_name, fn);
data/acedb-4.9.39+dfsg.02/wstaden/error.c:28:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/acedb-4.9.39+dfsg.02/wstaden/expFileIO.c:325:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(seq,line);
data/acedb-4.9.39+dfsg.02/wstaden/expFileIO.c:589:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(&en[l1+1], &line[10]);
data/acedb-4.9.39+dfsg.02/wstaden/expFileIO.c:1155:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s, str);
data/acedb-4.9.39+dfsg.02/wstaden/filecompress.c:89:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s %s 1>/dev/null 2>/dev/null",
data/acedb-4.9.39+dfsg.02/wstaden/filecompress.c:91:16: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if ((ret = system(buf)) != 0) {
data/acedb-4.9.39+dfsg.02/wstaden/filecompress.c:101:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s%s", file, magics[compression_used-1].extension);
data/acedb-4.9.39+dfsg.02/wstaden/filecompress.c:203:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fext, "%s%s", file, magics[i].extension);
data/acedb-4.9.39+dfsg.02/wstaden/filecompress.c:216:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s %s 1>%s 2>/dev/null",
data/acedb-4.9.39+dfsg.02/wstaden/filecompress.c:218:17: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if ((ret = system(buf)) == 0) {
data/acedb-4.9.39+dfsg.02/wstaden/files.c:56:14: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (1 == sscanf(line, "%s", name))
data/acedb-4.9.39+dfsg.02/wstaden/find.c:15:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(wholePath,file);
data/acedb-4.9.39+dfsg.02/wstaden/find.c:21:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(paths,searchpath);
data/acedb-4.9.39+dfsg.02/wstaden/find.c:26:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void) strcpy(wholePath,path);
data/acedb-4.9.39+dfsg.02/wstaden/find.c:28:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
(void) strcat(wholePath,file);
data/acedb-4.9.39+dfsg.02/wstaden/makeSCF.c:55:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cc, r->info);
data/acedb-4.9.39+dfsg.02/wstaden/makeSCF.c:97:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "CONV=makeSCF V3.00\nMACH=%s\nDATF=%s\nDATN=%s\n",
data/acedb-4.9.39+dfsg.02/wstaden/makeSCF.c:100:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(cp, buf);
data/acedb-4.9.39+dfsg.02/wstaden/os.h:135:9: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
#define popen _popen
data/acedb-4.9.39+dfsg.02/wstaden/seqIOABI.c:424:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(line, "COMM=%s\n", commstrp);
data/acedb-4.9.39+dfsg.02/wstaden/seqIOABI.c:425:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(comment, line);
data/acedb-4.9.39+dfsg.02/wstaden/seqIOABI.c:451:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(comment, line);
data/acedb-4.9.39+dfsg.02/wstaden/seqIOABI.c:460:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(comment, line);
data/acedb-4.9.39+dfsg.02/wstaden/seqIOABI.c:471:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(comment, line);
data/acedb-4.9.39+dfsg.02/wstaden/seqIOABI.c:487:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(comment, line);
data/acedb-4.9.39+dfsg.02/wstaden/seqIOABI.c:501:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(comment, line);
data/acedb-4.9.39+dfsg.02/wstaden/seqIOABI.c:527:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(comment, line);
data/acedb-4.9.39+dfsg.02/wstaden/seqIOABI.c:534:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s,comment);
data/acedb-4.9.39+dfsg.02/wstaden/seqIOABI.c:615:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(read->trace_name, fn);
data/acedb-4.9.39+dfsg.02/wstaden/seqIOALF.c:374:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(read->trace_name, fn);
data/acedb-4.9.39+dfsg.02/wstaden/seqIOCTF.c:60:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(read->trace_name, fn);
data/acedb-4.9.39+dfsg.02/wstaden/seqIOPlain.c:129:12: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (5 == sscanf(line, "%6d%6d%6d%4c%s",
data/acedb-4.9.39+dfsg.02/wstaden/seqIOPlain.c:139:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(read->trace_name, name);
data/acedb-4.9.39+dfsg.02/wstaden/seqIOPlain.c:214:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(read->trace_name, fn);
data/acedb-4.9.39+dfsg.02/wstaden/st_translate.c:245:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(exp_get_entry(e, EFLT_EN), "%s", EN);
data/acedb-4.9.39+dfsg.02/wstaden/st_translate.c:247:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(exp_get_entry(e, EFLT_ID), "%s", EN);
data/acedb-4.9.39+dfsg.02/wstaden/st_translate.c:257:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(exp_get_entry(e, EFLT_LN), cp);
data/acedb-4.9.39+dfsg.02/wstaden/st_translate.c:262:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(exp_get_entry(e, EFLT_LT), t);
data/acedb-4.9.39+dfsg.02/wstaden/st_translate.c:322:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (path,s);
data/acedb-4.9.39+dfsg.02/wstaden/st_translate.c:325:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (path,trace);
data/acedb-4.9.39+dfsg.02/wstaden/st_translate.c:399:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(r->base, str);
data/acedb-4.9.39+dfsg.02/wzmap/stringbucket.c:74:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char *)(c+1), string);
data/acedb-4.9.39+dfsg.02/wzmap/zmapcalls.c:71:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(keyspec, "%s:%s", className(key), name(key));
data/acedb-4.9.39+dfsg.02/wzmap/zmapcalls.c:72:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fromspec, "%s:%s", className(from), name(from));
data/acedb-4.9.39+dfsg.02/w1/aceout.c:624:19: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *tmpfile = getenv("TEMP"); /* allow user to override location of temp files */
data/acedb-4.9.39+dfsg.02/w1/aceout.c:661:19: [3] (tmpfile) tempnam:
Temporary file race condition (CWE-377).
if (!(nameptr = tempnam(dirname, "ACEDB")))
data/acedb-4.9.39+dfsg.02/w1/filsubs.c:568:18: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *tmpenv = getenv("TEMP");
data/acedb-4.9.39+dfsg.02/w1/filsubs.c:584:15: [3] (tmpfile) tempnam:
Temporary file race condition (CWE-377).
if (!(nam = tempnam ("/var/tmp", "ACEDB")))
data/acedb-4.9.39+dfsg.02/w1/filsubs.c:586:15: [3] (tmpfile) tempnam:
Temporary file race condition (CWE-377).
if (!(nam = tempnam(tmppath, "ACEDB")))
data/acedb-4.9.39+dfsg.02/w1/filsubs.c:588:15: [3] (tmpfile) tempnam:
Temporary file race condition (CWE-377).
if (!(nam = tempnam ("/tmp", "ACEDB")))
data/acedb-4.9.39+dfsg.02/w1/getopt.c:246:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
#ifndef getenv
data/acedb-4.9.39+dfsg.02/w1/getopt.c:247:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
extern char *getenv ();
data/acedb-4.9.39+dfsg.02/w1/getopt.c:432:21: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
posixly_correct = getenv ("POSIXLY_CORRECT");
data/acedb-4.9.39+dfsg.02/w1/getopt.c:1007:1: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
getopt (argc, argv, optstring)
data/acedb-4.9.39+dfsg.02/w1/getopt.c:1037:11: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt (argc, argv, "abc:d:0123456789");
data/acedb-4.9.39+dfsg.02/w1/getopt1.c:102:1: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
getopt_long (argc, argv, options, long_options, opt_index)
data/acedb-4.9.39+dfsg.02/w1/getopt1.c:158:11: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long (argc, argv, "abc:d:0123456789",
data/acedb-4.9.39+dfsg.02/w1/randsubs.c:34:5: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
int random(void); /* in libc.a */
data/acedb-4.9.39+dfsg.02/w1/randsubs.c:67:10: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
return random() ;
data/acedb-4.9.39+dfsg.02/w1/utils.c:125:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((name = getenv("USERNAME")) != NULL )
data/acedb-4.9.39+dfsg.02/w2/filquery.c:468:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
{ if (getenv ("PWD"))
data/acedb-4.9.39+dfsg.02/w2/filquery.c:469:19: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
strcpy (dirName, getenv("PWD")) ;
data/acedb-4.9.39+dfsg.02/w2/graphascii.c:264:28: [3] (tmpfile) tempnam:
Temporary file race condition (CWE-377).
{ if (!(localfilname = tempnam ("/var/tmp", "AcePr")))
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:644:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((cp = getenv ("ACEDB_LPR")))
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:1135:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((cp = getenv ("ACEDB_LPR")))
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:1162:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
else if (getenv("PWD"))
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:1163:32: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
strcpy (result->dirBuffer, getenv("PWD")) ;
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:1164:13: [3] (buffer) getwd:
This does not protect against buffer overflows by itself, so use with
caution (CWE-120, CWE-20). Use getcwd instead.
else if (!getwd (result->dirBuffer))
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:1222:18: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
len = strlen (getenv ("ACEDB_LPR") && n == 0 ?
data/acedb-4.9.39+dfsg.02/w2/xremotemain.c:188:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("DISPLAY"))
data/acedb-4.9.39+dfsg.02/w2/xremotemain.c:190:43: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
display_str = (char*)malloc (strlen(getenv("DISPLAY")) + 1);
data/acedb-4.9.39+dfsg.02/w2/xremotemain.c:191:28: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
strcpy (display_str, getenv("DISPLAY"));
data/acedb-4.9.39+dfsg.02/w3/taqlmain.c:245:29: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (!(dbDir = getenv("ACEDB")))
data/acedb-4.9.39+dfsg.02/w3/xacemain.c:279:8: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (!getenv("ACEDB_NO_BANNER"))
data/acedb-4.9.39+dfsg.02/w3/xclientmain.c:229:8: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (!getenv("ACEDB_NO_BANNER"))
data/acedb-4.9.39+dfsg.02/w4/banner.c:212:8: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (!getenv("ACEDB_NO_BANNER"))
data/acedb-4.9.39+dfsg.02/w4/command.c:137:8: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (!getenv("ACEDB_SUBSHELLS"))
data/acedb-4.9.39+dfsg.02/w4/command.c:143:34: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (aceInIsInteractive(fi) && !getenv("ACEDB_NO_BANNER"))
data/acedb-4.9.39+dfsg.02/w4/command.c:3629:21: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *ad_string = getenv("AQL_DEBUG_LEVEL");
data/acedb-4.9.39+dfsg.02/w4/dbpath.c:48:32: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
dbpath_from_command_line = getenv("ACEDB");
data/acedb-4.9.39+dfsg.02/w4/dbpath.c:69:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("ACEDB_COMMON"))
data/acedb-4.9.39+dfsg.02/w4/dbpath.c:70:17: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
commondir = getenv("ACEDB_COMMON");
data/acedb-4.9.39+dfsg.02/w4/dbpath.c:129:8: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (!getenv ("ACEDB_NO_BANNER"))
data/acedb-4.9.39+dfsg.02/w4/mainpick.c:1323:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (!getenv("ACEDB_NO_BANNER"))
data/acedb-4.9.39+dfsg.02/w4/parse.c:445:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv ("ACEDB_DATA"))
data/acedb-4.9.39+dfsg.02/w4/parse.c:446:31: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
strcpy (pdisp->dirSelection, getenv("ACEDB_DATA")) ;
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:345:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if(getenv("HOME"))
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:347:23: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
strcat(filename,getenv("HOME"));
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:380:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if(getenv("HOME"))
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:382:23: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
strcpy(filename,getenv("HOME"));
data/acedb-4.9.39+dfsg.02/w4/session.c:802:24: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (euid != ruid && !getenv("ACEDB_NO_BANNER"))
data/acedb-4.9.39+dfsg.02/w4/session.c:987:8: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
(getenv("ACEDB_NO_BANNER") ? FALSE : TRUE);
data/acedb-4.9.39+dfsg.02/w4/session.c:1972:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (!getenv("ACEDB_NO_BANNER"))
data/acedb-4.9.39+dfsg.02/w4/session.c:2006:8: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv ("ACEDB_CHANGE_MAIN_RELEASE")) /* override */
data/acedb-4.9.39+dfsg.02/w4/session.c:3263:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv ("ACEDB_NO_AUTOSAVE")) return 0 ;
data/acedb-4.9.39+dfsg.02/w4/update.c:169:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv ("ACEDB_DATA"))
data/acedb-4.9.39+dfsg.02/w4/update.c:170:23: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
strcpy (fileName, getenv("ACEDB_DATA")) ;
data/acedb-4.9.39+dfsg.02/w5/disknew.c:798:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv ("ACEDB_DEBUG"))
data/acedb-4.9.39+dfsg.02/w6/bsdumps.c:254:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((s = getenv ("ACEDB_BREAK")))
data/acedb-4.9.39+dfsg.02/w6/bsdumps.c:259:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv ("ACEDB_DUMP_ATTACH"))
data/acedb-4.9.39+dfsg.02/w6/nicedump.c:236:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
qm = getenv("ACEQM"); /* quote mark for perl output */
data/acedb-4.9.39+dfsg.02/w6/querydisp.c:684:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("ACEDB_AUTOSAVE")) {
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:3274:10: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv ("ACEDB_DATA"))
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:3276:20: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
strcpy (dirName, getenv("ACEDB_DATA")) ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:4048:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv ("ACEDB_DATA"))
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:4050:21: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
strcpy (dirName, getenv("ACEDB_DATA")) ;
data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c:3288:8: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (!getenv("ACEDB_PROJECT") && (look->zoneMax - look->zoneMin < 1000))
data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c:5803:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (!getenv("ACEDB_PROJECT") && (look->zoneMax - look->zoneMin < 1000))
data/acedb-4.9.39+dfsg.02/w7/pmapdisp.c:267:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv ("ACEDB_CONTIG9"))
data/acedb-4.9.39+dfsg.02/w9/asn.c:1466:58: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (bsFindTag(Seq, _Database) && bsFlatten(Seq,3,a) && getenv("ASNACCESSION") == NULL) {
data/acedb-4.9.39+dfsg.02/w9/asn.c:2072:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
gAsnDebug = (getenv("ASNDEBUG") != NULL);
data/acedb-4.9.39+dfsg.02/w9/asn.c:2075:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
asnauto = (getenv("ASNAUTO") != NULL);
data/acedb-4.9.39+dfsg.02/w9/asn.c:2078:24: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
asncase = (asnauto && getenv("ASNCASE") != NULL);
data/acedb-4.9.39+dfsg.02/w9/asn.c:2081:26: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
asnprompt = (asnauto && getenv("ASNPROMPT") != NULL);
data/acedb-4.9.39+dfsg.02/w9/asn.c:2084:10: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
ptype = getenv("ACEDB_PROJECT");
data/acedb-4.9.39+dfsg.02/w9/belvu.c:4036:5: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(time(0));
data/acedb-4.9.39+dfsg.02/w9/belvu.c:4047:18: [3] (random) drand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
src = (int)(drand48()*maxLen);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5009:20: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((optc = getopt(argc, argv, optstring)) != -1)
data/acedb-4.9.39+dfsg.02/w9/blxmain.c:164:18: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((optc = getopt(argc, argv, optstring)) != EOF )
data/acedb-4.9.39+dfsg.02/w9/blxselect.c:340:20: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((optc = getopt(argc, argv, optstring)) != -1)
data/acedb-4.9.39+dfsg.02/w9/blxview.c:909:31: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (!browser && !(browser = getenv("BLIXEM_WWW_BROWSER")))
data/acedb-4.9.39+dfsg.02/w9/blxview.c:1634:18: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (pfetch || (getenv("BLIXEM_FETCH_PFETCH")))
data/acedb-4.9.39+dfsg.02/w9/blxview.c:1639:19: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
else if ((URL = getenv("BLIXEM_FETCH_WWW")))
data/acedb-4.9.39+dfsg.02/w9/blxview.c:1641:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
else if (getenv("BLIXEM_FETCH_EFETCH"))
data/acedb-4.9.39+dfsg.02/w9/blxview.c:1682:23: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
else if ((net_id = getenv("BLIXEM_PFETCH")))
data/acedb-4.9.39+dfsg.02/w9/blxview.c:1687:24: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((port_str = getenv("BLIXEM_PORT")))
data/acedb-4.9.39+dfsg.02/w9/diskdump.c:63:50: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
sprintf(filename,"%s/database/block1.wrm", getenv("ACEDB")) ;
data/acedb-4.9.39+dfsg.02/w9/diskdump.c:106:8: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
d, getenv ("ACEDB")) ;
data/acedb-4.9.39+dfsg.02/w9/diskfix.c:65:8: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (!getenv ("ACEDB"))
data/acedb-4.9.39+dfsg.02/w9/diskfix.c:67:48: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
sprintf (filename, "%s/database/blocks.wrm", getenv("ACEDB")) ;
data/acedb-4.9.39+dfsg.02/w9/dotter.c:2539:29: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
path = messalloc(strlen(getenv("PATH"))+1);
data/acedb-4.9.39+dfsg.02/w9/dotter.c:2543:18: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
strcpy(path, getenv("PATH"));
data/acedb-4.9.39+dfsg.02/w9/dotter.c:2611:35: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
"($PATH=%s)", dotterBinary, getenv("PATH"));
data/acedb-4.9.39+dfsg.02/w9/dotter.c:3099:37: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (!alignmentInitialized && !getenv("ACEDB_PROJECT"))
data/acedb-4.9.39+dfsg.02/w9/dotter.c:3352:36: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
!(fil = fopen(messprintf("%s/%s", getenv("BLASTMAT"), mtxfile), "r")))
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:244:20: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((optc = getopt(argc, argv, optstring)) != EOF)
data/acedb-4.9.39+dfsg.02/w9/efetch.c:47:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (env = getenv("SWDIR")) strcpy(dbdir, env);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:53:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (env = getenv("PIRDIR")) strcpy(dbdir, env);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:59:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (env = getenv("WORMDIR")) strcpy(dbdir, env);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:66:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (env = getenv("EMBLDIR")) strcpy(dbdir, env);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:72:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (env = getenv("GBDIR")) strcpy(dbdir, env);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:78:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (env = getenv("PRODOMDIR")) strcpy(dbdir, env);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:84:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (env = getenv("PROSITEDIR")) strcpy(dbdir, env);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:206:18: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((optc = getopt(argc, argv, optstring)) != -1)
data/acedb-4.9.39+dfsg.02/w9/efetch.c:339:17: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (env = getenv("DBDIR")) strcpy(dbdir, env);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:381:17: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (env = getenv("DBDIR")) {
data/acedb-4.9.39+dfsg.02/w9/efetch.c:405:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
env = getenv("SEQDBIDX");
data/acedb-4.9.39+dfsg.02/w9/efetch.c:418:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
env = getenv("DIVTABL");
data/acedb-4.9.39+dfsg.02/w9/efetch.c:532:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
env = getenv("SEQDB");
data/acedb-4.9.39+dfsg.02/w9/fetch.c:43:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (env = getenv("SWDIR")) strcpy(dbdir, env);
data/acedb-4.9.39+dfsg.02/w9/fetch.c:49:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (env = getenv("PIRDIR")) strcpy(dbdir, env);
data/acedb-4.9.39+dfsg.02/w9/fetch.c:55:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (env = getenv("WORMDIR")) strcpy(dbdir, env);
data/acedb-4.9.39+dfsg.02/w9/fetch.c:63:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (env = getenv("EMBLDIR")) strcpy(dbdir, env);
data/acedb-4.9.39+dfsg.02/w9/fetch.c:69:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (env = getenv("GBDIR")) strcpy(dbdir, env);
data/acedb-4.9.39+dfsg.02/w9/fetch.c:75:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (env = getenv("PRODOMDIR")) strcpy(dbdir, env);
data/acedb-4.9.39+dfsg.02/w9/fetch.c:83:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (env = getenv("PROSITEDIR")) strcpy(dbdir, env);
data/acedb-4.9.39+dfsg.02/w9/fetch.c:146:18: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((optc = getopt(argc, argv, optstring)) != -1)
data/acedb-4.9.39+dfsg.02/w9/fetch.c:240:17: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (env = getenv("DBDIR")) strcpy(dbdir, env);
data/acedb-4.9.39+dfsg.02/w9/fetch.c:282:17: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (env = getenv("DBDIR")) {
data/acedb-4.9.39+dfsg.02/w9/fetch.c:306:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
env = getenv("SEQDBIDX");
data/acedb-4.9.39+dfsg.02/w9/fetch.c:319:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
env = getenv("DIVTABL");
data/acedb-4.9.39+dfsg.02/w9/fetch.c:433:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
env = getenv("SEQDB");
data/acedb-4.9.39+dfsg.02/w9/gfcode.c:954:70: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
{ messout("I can't scan line %d of the GF_TABLES file: %s", i, getenv("GF_TABLES")) ;
data/acedb-4.9.39+dfsg.02/w9/readseq.c:214:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv ("BLASTMAT"))
data/acedb-4.9.39+dfsg.02/w9/readseq.c:215:25: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
strcpy (matdirname, getenv ("BLASTMAT")) ;
data/acedb-4.9.39+dfsg.02/wabi/basecall.c:594:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((cp = getenv ("SCF_DATA")))
data/acedb-4.9.39+dfsg.02/wabi/basecall.c:620:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((cp = getenv ("CTF_DATA")))
data/acedb-4.9.39+dfsg.02/wac/acclient_socket.c:106:10: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
fname = getenv("ACEDB_USERNAME");
data/acedb-4.9.39+dfsg.02/wace/pmapace.c:116:22: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (!(acedb_data = getenv ("ACEDB_DATA")))
data/acedb-4.9.39+dfsg.02/wace/stockace.c:566:22: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (!(acedb_data = getenv ("ACEDB_DATA")))
data/acedb-4.9.39+dfsg.02/wdce/aceservercontrolpanel.cpp:74:24: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if( strcmp(getenv("OS"),"Windows_NT") )
data/acedb-4.9.39+dfsg.02/wdce/asinstall.cpp:60:22: [3] (misc) LoadLibrary:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
if( (hModule = ::LoadLibrary("ASConfig.cpl")) != NULL )
data/acedb-4.9.39+dfsg.02/wh/dbidx.h:78:16: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
getopt(),
data/acedb-4.9.39+dfsg.02/wh/getopt.h:180:12: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
extern int getopt (int __argc, char *const *__argv, const char *__shortopts);
data/acedb-4.9.39+dfsg.02/wh/getopt.h:182:12: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
extern int getopt ();
data/acedb-4.9.39+dfsg.02/wh/getopt.h:186:12: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
extern int getopt_long (int __argc, char *const *__argv, const char *__shortopts,
data/acedb-4.9.39+dfsg.02/wh/getopt.h:199:12: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
extern int getopt ();
data/acedb-4.9.39+dfsg.02/wh/getopt.h:201:12: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
extern int getopt_long ();
data/acedb-4.9.39+dfsg.02/wh/mydirent.h:73:9: [3] (buffer) getwd:
This does not protect against buffer overflows by itself, so use with
caution (CWE-120, CWE-20). Use getcwd instead.
#define getwd(buf) getcwd(buf,MAXPATHLEN - 2)
data/acedb-4.9.39+dfsg.02/wh/mydirent.h:75:14: [3] (buffer) getwd:
This does not protect against buffer overflows by itself, so use with
caution (CWE-120, CWE-20). Use getcwd instead.
extern char *getwd(char *pathname) ;
data/acedb-4.9.39+dfsg.02/wh/mystdlib.h:370:10: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char * getenv (const char *name);
data/acedb-4.9.39+dfsg.02/wh/mystdlib.h:458:11: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
char getopt (int c, char **s1, char *s2);
data/acedb-4.9.39+dfsg.02/win32/winaceshell.c:45:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv ("ACEDB"))
data/acedb-4.9.39+dfsg.02/win32/winaceshell.c:46:36: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
cygwin_conv_to_full_win32_path(getenv("ACEDB"), cwd);
data/acedb-4.9.39+dfsg.02/wnq/bindex.c:1045:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("ACEDB_NO_INDEX")) /* if true, indices wont be used, even if available */
data/acedb-4.9.39+dfsg.02/wnq/bindex.c:1054:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("ACEDB_INDEX"))
data/acedb-4.9.39+dfsg.02/wrpc/aceserver.c:874:8: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
cp = getenv ("HOST") ; if (!cp) cp = "(unknown)" ;
data/acedb-4.9.39+dfsg.02/wrpc/acesyb.c:601:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("AY_TRACE")) {
data/acedb-4.9.39+dfsg.02/wrpc/acesyb.c:602:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
sscanf(getenv("AY_TRACE"),"%d",&ayTrace);
data/acedb-4.9.39+dfsg.02/wrpc/acesyb.c:607:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("AY_CACHE")) {
data/acedb-4.9.39+dfsg.02/wrpc/acesyb.c:608:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
sscanf(getenv("AY_CACHE"),"%d",&ayMaxSize);
data/acedb-4.9.39+dfsg.02/wrpc/acesyb.c:625:17: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (!(AY_USER=getenv("AY_USER")))
data/acedb-4.9.39+dfsg.02/wrpc/acesyb.c:627:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (!(AY_PW=getenv("AY_PW")))
data/acedb-4.9.39+dfsg.02/wrpc/acesybase.c:243:8: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("ACESYBASE_TRACE")) {
data/acedb-4.9.39+dfsg.02/wrpc/acesybase.c:244:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
sscanf(getenv("ACESYBASE_TRACE"),"%d",&acesybaseTrace);
data/acedb-4.9.39+dfsg.02/wrpc/jade2ace.c:372:20: [3] (tmpfile) tempnam:
Temporary file race condition (CWE-377).
if (!(tempName = tempnam("/var/tmp", ".acenetcl"))) {
data/acedb-4.9.39+dfsg.02/wrpc/jadeserver.c:399:20: [3] (tmpfile) tempnam:
Temporary file race condition (CWE-377).
if (!(tempName = tempnam("/var/tmp", ".acenetcl"))) {
data/acedb-4.9.39+dfsg.02/wsocket/serverace.c:1332:8: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
cp = getenv("HOST") ;
data/acedb-4.9.39+dfsg.02/wsocket/serveracepasswd.c:451:7: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
int random ;
data/acedb-4.9.39+dfsg.02/wsocket/serveracepasswd.c:455:35: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
char random_str[MAKE_INT_STRING(random)] ;
data/acedb-4.9.39+dfsg.02/wsocket/serveracepasswd.c:477:36: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
|| sprintf(random_str, "%d", random) < 1
data/acedb-4.9.39+dfsg.02/wstaden/filecompress.c:131:17: [3] (tmpfile) tmpnam:
Temporary file race condition (CWE-377).
if (NULL == tmpnam(fname))
data/acedb-4.9.39+dfsg.02/wstaden/filecompress.c:181:26: [3] (tmpfile) tmpnam:
Temporary file race condition (CWE-377).
if (NULL == (fname = tmpnam(NULL)))
data/acedb-4.9.39+dfsg.02/wstaden/filecompress.c:290:5: [3] (tmpfile) tmpnam:
Temporary file race condition (CWE-377).
tmpnam(fname);
data/acedb-4.9.39+dfsg.02/wstaden/st_translate.c:318:27: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
rawData = (char *)getenv ("RAWDATA");
data/acedb-4.9.39+dfsg.02/w1/acein.c:70:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char special[MAXSPECIAL] ;
data/acedb-4.9.39+dfsg.02/w1/acein.c:88:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char special[256] ;
data/acedb-4.9.39+dfsg.02/w1/acein.c:253:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[MAXPATHLEN];
data/acedb-4.9.39+dfsg.02/w1/acein.c:512:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(fi->stream[fi->streamlevel].prompt, "> ");
data/acedb-4.9.39+dfsg.02/w1/acein.c:1981:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (fi->card, oldCard, fi->maxcard/2) ;
data/acedb-4.9.39+dfsg.02/w1/acein.c:2147:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char args[MAXPATHLEN+10];
data/acedb-4.9.39+dfsg.02/w1/aceout.c:635:3: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
(tmpfile ? tmpfile : "/var/tmp") ;
data/acedb-4.9.39+dfsg.02/w1/aceout.c:635:13: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
(tmpfile ? tmpfile : "/var/tmp") ;
data/acedb-4.9.39+dfsg.02/w1/aceout.c:637:10: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
(tmpfile ? tmpfile : "/cygdrive/c/Temp") ;
data/acedb-4.9.39+dfsg.02/w1/aceout.c:637:20: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
(tmpfile ? tmpfile : "/cygdrive/c/Temp") ;
data/acedb-4.9.39+dfsg.02/w1/aceout.c:639:10: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
(tmpfile ? tmpfile : "/tmp") ;
data/acedb-4.9.39+dfsg.02/w1/aceout.c:639:20: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
(tmpfile ? tmpfile : "/tmp") ;
data/acedb-4.9.39+dfsg.02/w1/arraysub.c:244:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (new,a->base,a->size*a->max) ;
data/acedb-4.9.39+dfsg.02/w1/arraysub.c:305:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new->base, old->base, old->dim * old->size);
data/acedb-4.9.39+dfsg.02/w1/arraysub.c:327:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(b->base, a->base + x1, b->max * b->size);
data/acedb-4.9.39+dfsg.02/w1/arraysub.c:795:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->a->base, a->base, n) ;
data/acedb-4.9.39+dfsg.02/w1/arraysub.c:960:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->ptr,data,size);
data/acedb-4.9.39+dfsg.02/w1/filsubs.c:347:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char posix[PATH_MAX];
data/acedb-4.9.39+dfsg.02/w1/filsubs.c:542:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if (!(result = fopen (stackText(s, 0), spec)))
data/acedb-4.9.39+dfsg.02/w1/filsubs.c:569:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmppath[PATH_MAX];
data/acedb-4.9.39+dfsg.02/w1/filsubs.c:808:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *dName, entryPathName[MAXPATHLEN], *leaf ;
data/acedb-4.9.39+dfsg.02/w1/filsubs.c:912:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((curr_file = open(curr_name, O_RDONLY, 0)) == -1)
data/acedb-4.9.39+dfsg.02/w1/filsubs.c:921:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((new_file = open(new_name, O_WRONLY|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR)) == -1)
data/acedb-4.9.39+dfsg.02/w1/filsubs.c:994:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char time_modified_str[25];
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:69:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char special[24] ;
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:137:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (card, oldCard, maxcard/2) ;
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:147:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char special[256] ;
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:244:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for (cp = (unsigned char *) stackText (parStack,
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:1304:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (cq, "<") ; cq += 4 ;
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:1308:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (cq, ">") ; cq += 4 ;
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:1312:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (cq, """) ; cq += 6 ;
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:1316:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (cq, "'") ; cq += 6 ;
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:1320:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (cq, "&") ; cq += 5 ;
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:1324:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (cq, "&") ; cq += 5 ;
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:1413:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ace_time[25] ;
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:1421:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ace_time[25] ;
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:1430:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[25] ;
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:171:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char filename_array[MAXPATHLEN] = "";
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:365:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char link_path_array[MAXPATHLEN] = "";
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:612:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (cp,
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:625:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (cp, "</UL>\n") ;
data/acedb-4.9.39+dfsg.02/w1/memsubs.c:159:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[512] ; /* Don't use dynamic buffer because of */
data/acedb-4.9.39+dfsg.02/w1/memsubs.c:178:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (sprintf(&(buffer[0]),
data/acedb-4.9.39+dfsg.02/w1/messubs.c:155:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char messbuf[BUFSIZE] ;
data/acedb-4.9.39+dfsg.02/w1/messubs.c:495:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prefix[2056] ;
data/acedb-4.9.39+dfsg.02/w1/messubs.c:828:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char errmess[ERRBUFSIZE] ;
data/acedb-4.9.39+dfsg.02/w1/msort.c:67:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (b0, b1, n1 * sizeof (int)) ;
data/acedb-4.9.39+dfsg.02/w1/msort.c:68:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (b, buf, (n - n2) * sizeof (int)) ;
data/acedb-4.9.39+dfsg.02/w1/msort.c:91:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (b0, b1, s) ;
data/acedb-4.9.39+dfsg.02/w1/msort.c:96:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (b0, b2, s) ;
data/acedb-4.9.39+dfsg.02/w1/msort.c:102:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (b0, b1, n1 * s) ;
data/acedb-4.9.39+dfsg.02/w1/msort.c:103:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (b, buf, (n - n2) * s) ;
data/acedb-4.9.39+dfsg.02/w1/msort.c:111:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sBuf [4*1024] ;
data/acedb-4.9.39+dfsg.02/w1/texthelp.c:76:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[10000] ; /* text-buffer for wordwrapping */
data/acedb-4.9.39+dfsg.02/w1/utils.c:349:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
secs = atoi(secs_str) ;
data/acedb-4.9.39+dfsg.02/w1/vtxt.c:283:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (cp, txt, len) ;
data/acedb-4.9.39+dfsg.02/w2/colcontrol.c:782:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[2];
data/acedb-4.9.39+dfsg.02/w2/filquery.c:45:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char file_filter[32], file_spec[3];
data/acedb-4.9.39+dfsg.02/w2/filquery.c:61:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char address[128] ;
data/acedb-4.9.39+dfsg.02/w2/filquery.c:344:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempName[DIR_BUFFER_SIZE] ;
data/acedb-4.9.39+dfsg.02/w2/filquery.c:422:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char defaultDir[DIR_BUFFER_SIZE], defaultFile[FIL_BUFFER_SIZE] ;
data/acedb-4.9.39+dfsg.02/w2/filquery.c:436:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[MAXPATHLEN] ;
data/acedb-4.9.39+dfsg.02/w2/filquery.c:459:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(file_filter, "*.*") ; /* selecting files */
data/acedb-4.9.39+dfsg.02/w2/gex.c:143:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char defaultDir[DIR_BUFFER_SIZE], defaultFile[FIL_BUFFER_SIZE];
data/acedb-4.9.39+dfsg.02/w2/gex.c:662:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char selectedPath[MAX_PATH];
data/acedb-4.9.39+dfsg.02/w2/gex.c:663:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char winPath[MAX_PATH];
data/acedb-4.9.39+dfsg.02/w2/gex.c:666:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[FIL_BUFFER_SIZE+DIR_BUFFER_SIZE];
data/acedb-4.9.39+dfsg.02/w2/gex.c:718:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char types_buff[400]; /* So sue me */
data/acedb-4.9.39+dfsg.02/w2/gex.c:917:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[FIL_BUFFER_SIZE+DIR_BUFFER_SIZE];
data/acedb-4.9.39+dfsg.02/w2/gex.c:2249:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_name[20+1];
data/acedb-4.9.39+dfsg.02/w2/gexhelp.c:121:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char currHelpFilename[MAXPATHLEN];
data/acedb-4.9.39+dfsg.02/w2/gexhelp.c:406:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char fname[FIL_BUFFER_SIZE], dname[DIR_BUFFER_SIZE];
data/acedb-4.9.39+dfsg.02/w2/gexhelp.c:407:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char helpFilename[DIR_BUFFER_SIZE+FIL_BUFFER_SIZE];
data/acedb-4.9.39+dfsg.02/w2/gexhelp.c:596:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[10000]; /* for word wrapping ops */
data/acedb-4.9.39+dfsg.02/w2/gexhelp.c:941:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(fil = fopen (filename, "rb")) ||
data/acedb-4.9.39+dfsg.02/w2/graphascii.c:101:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char space[301] ;
data/acedb-4.9.39+dfsg.02/w2/graphascii.c:269:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(fil = fopen (localfilname,"w")))
data/acedb-4.9.39+dfsg.02/w2/graphcon.c:1976:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (text, "%d", *p) ;
data/acedb-4.9.39+dfsg.02/w2/graphcon.c:1986:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (text, "%.4g", *p) ;
data/acedb-4.9.39+dfsg.02/w2/graphcon.c:2059:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(e->text, "%d", *(int*)e->p) ;
data/acedb-4.9.39+dfsg.02/w2/graphcon.c:2063:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(e->text, "%.4g", *(float*)e->p) ;
data/acedb-4.9.39+dfsg.02/w2/graphgdi.c:351:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ip, lineaddr, line);
data/acedb-4.9.39+dfsg.02/w2/graphgdi.c:632:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char selectedPath[MAX_PATH];
data/acedb-4.9.39+dfsg.02/w2/graphgdk.c:97:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *fontNames[4][6] =
data/acedb-4.9.39+dfsg.02/w2/graphgdk.c:130:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *fontNames[4][6] =
data/acedb-4.9.39+dfsg.02/w2/graphgdk.c:613:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2];
data/acedb-4.9.39+dfsg.02/w2/graphgdkremote.c:438:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new, comma, comma_len) ;
data/acedb-4.9.39+dfsg.02/w2/graphgdkremote.c:477:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char winname[MAX_PATH];
data/acedb-4.9.39+dfsg.02/w2/graphgif.c:263:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2] ;
data/acedb-4.9.39+dfsg.02/w2/graphgtk.c:1125:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(copyCommand, commandText, nitems);
data/acedb-4.9.39+dfsg.02/w2/graphmesglist.c:516:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char fname[FIL_BUFFER_SIZE]="", dname[DIR_BUFFER_SIZE]="" ;
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:80:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char printerBuffer[80] ;
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:82:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dirBuffer[MAXPATHLEN] ;
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:83:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filBuffer[FIL_BUFFER_SIZE] ;
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:84:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char copyBuffer[MAXPATHLEN+FIL_BUFFER_SIZE+5] ; /* +5 for extension */
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:85:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mailerBuffer[80] ;
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:86:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char titleBuffer[80] ;
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:93:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scaleText[10] ;
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:97:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pageText[5] ;
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:636:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXC], *cp ;
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:760:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (pd->pageText, "%d", pd->pages) ;
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:1093:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (pd->pageText, "%d", pd->pages) ;
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:1153:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (result->printerBuffer, "lpr") ;
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:1174:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cp, fb[FIL_BUFFER_SIZE] ;
data/acedb-4.9.39+dfsg.02/w2/graphps.c:287:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hexVal[256];
data/acedb-4.9.39+dfsg.02/w2/graphsub.c:152:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char map[256] ;
data/acedb-4.9.39+dfsg.02/w2/graphsub.c:156:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(map, newMap, 256);
data/acedb-4.9.39+dfsg.02/w2/graphsub.c:1138:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char directory[DIR_BUFFER_SIZE] = "";
data/acedb-4.9.39+dfsg.02/w2/graphsub.c:1139:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char filename[FIL_BUFFER_SIZE] = "";
data/acedb-4.9.39+dfsg.02/w2/graphtest.c:112:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char prompt[128] = "Initial test prompt" ;
data/acedb-4.9.39+dfsg.02/w2/viewedit.c:140:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[200];
data/acedb-4.9.39+dfsg.02/w3/xacemain.c:80:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dirName[DIR_BUFFER_SIZE];
data/acedb-4.9.39+dfsg.02/w4/banner.c:183:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char params[256];
data/acedb-4.9.39+dfsg.02/w4/banner.c:185:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (params, "%d %d %d",
data/acedb-4.9.39+dfsg.02/w4/command.c:370:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
{ FILE *f = fopen ("seqused.ace","w") ;
data/acedb-4.9.39+dfsg.02/w4/command.c:1222:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dumpDir[DIR_BUFFER_SIZE] = "" ;
data/acedb-4.9.39+dfsg.02/w4/command.c:2247:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf0[2] = {0, '\n'} ;
data/acedb-4.9.39+dfsg.02/w4/command.c:2248:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf [3] ;
data/acedb-4.9.39+dfsg.02/w4/command.c:3632:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
aql_debug_level = atoi (ad_string);
data/acedb-4.9.39+dfsg.02/w4/command.c:3683:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf0[2] = {0, '\n'} ;
data/acedb-4.9.39+dfsg.02/w4/command.c:3684:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buft [2] ;
data/acedb-4.9.39+dfsg.02/w4/command.c:4061:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char time_last_modified[25] = "" ;
data/acedb-4.9.39+dfsg.02/w4/commandmenu.c:501:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *word, prev_word[1000] ;
data/acedb-4.9.39+dfsg.02/w4/dbpath.c:101:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[256];
data/acedb-4.9.39+dfsg.02/w4/dump.c:95:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char dumpDir[DIR_BUFFER_SIZE] = ""; /* use this to choose where to dump too */
data/acedb-4.9.39+dfsg.02/w4/dump.c:259:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2] ;
data/acedb-4.9.39+dfsg.02/w4/dump.c:369:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2] ;
data/acedb-4.9.39+dfsg.02/w4/dump.c:469:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char date[12] ;
data/acedb-4.9.39+dfsg.02/w4/dump.c:470:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[DIR_BUFFER_SIZE+FIL_BUFFER_SIZE] ;
data/acedb-4.9.39+dfsg.02/w4/dump.c:497:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (name, ".ace");
data/acedb-4.9.39+dfsg.02/w4/dump.c:524:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char directory[DIR_BUFFER_SIZE] = "";
data/acedb-4.9.39+dfsg.02/w4/dump.c:525:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char filename[FIL_BUFFER_SIZE] = "parse_log";
data/acedb-4.9.39+dfsg.02/w4/dump.c:602:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dirSelection[DIR_BUFFER_SIZE] = "" ;
data/acedb-4.9.39+dfsg.02/w4/dump.c:603:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fileSelection[FIL_BUFFER_SIZE] = "" ;
data/acedb-4.9.39+dfsg.02/w4/dump.c:697:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dump_prefix[FIL_BUFFER_SIZE] = "" ;
data/acedb-4.9.39+dfsg.02/w4/dump.c:746:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dump_prefix, fileSelection, bytes) ;
data/acedb-4.9.39+dfsg.02/w4/dump.c:997:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char directory[DIR_BUFFER_SIZE] = "";
data/acedb-4.9.39+dfsg.02/w4/dump.c:998:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char filename[FIL_BUFFER_SIZE] = "";
data/acedb-4.9.39+dfsg.02/w4/gifcommand.c:366:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fileName[MAXPATHLEN] ;
data/acedb-4.9.39+dfsg.02/w4/gifcommand.c:378:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (fileName, ".ps");
data/acedb-4.9.39+dfsg.02/w4/gifcommand.c:423:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fileName[MAXPATHLEN];
data/acedb-4.9.39+dfsg.02/w4/gifcommand.c:609:26: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if (!(fil = fopen (word, "w")))
data/acedb-4.9.39+dfsg.02/w4/gifcommand.c:627:26: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if (!(fil = fopen (word, "w")))
data/acedb-4.9.39+dfsg.02/w4/logsubs.c:67:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char logfile_host[MAXHOSTNAMELEN + 1] = "" ;
data/acedb-4.9.39+dfsg.02/w4/logsubs.c:278:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char logFileBackupName[MAXPATHLEN]; /* This is not actually going to do
data/acedb-4.9.39+dfsg.02/w4/mainpick.c:91:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char template[TEMPLATE_LENGTH] ;
data/acedb-4.9.39+dfsg.02/w4/mainpick.c:96:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char whatdoIdoText[ACTIVITY_LENGTH] ;
data/acedb-4.9.39+dfsg.02/w4/mainpick.c:704:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[80] ;
data/acedb-4.9.39+dfsg.02/w4/mainpick.c:1837:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pick->whatdoIdoText, "Ready") ;
data/acedb-4.9.39+dfsg.02/w4/mainpick.c:2087:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char localText[256] , lastText[256] ;
data/acedb-4.9.39+dfsg.02/w4/model.c:142:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cp, *word, buf[2], inQuotes = 0;
data/acedb-4.9.39+dfsg.02/w4/model.c:175:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fil = fopen (aceTmpGetFileName(tmp_sysmodel), "r");
data/acedb-4.9.39+dfsg.02/w4/model.c:185:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fil = fopen (cp, "r");
data/acedb-4.9.39+dfsg.02/w4/model.c:426:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char buf[256] ;
data/acedb-4.9.39+dfsg.02/w4/model.c:448:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cp, buf [256] ;
data/acedb-4.9.39+dfsg.02/w4/model.c:491:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[256]; /* recursive routine, save memory */
data/acedb-4.9.39+dfsg.02/w4/newkey.c:63:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char nameText[128] ;
data/acedb-4.9.39+dfsg.02/w4/newkey.c:67:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char classNameBuf[32] = {'\0'} ;
data/acedb-4.9.39+dfsg.02/w4/parse.c:142:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *parse_err_typestrings[4] = {"update", "general", "array", "object"} ;
data/acedb-4.9.39+dfsg.02/w4/parse.c:259:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char itemText[64], lineText[64], nparsedText[64], nokText[64], nerrorText[64] ;
data/acedb-4.9.39+dfsg.02/w4/parse.c:260:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dirSelection[DIR_BUFFER_SIZE];
data/acedb-4.9.39+dfsg.02/w4/parse.c:261:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fileSelection[FIL_BUFFER_SIZE];
data/acedb-4.9.39+dfsg.02/w4/parse.c:1259:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128] ;
data/acedb-4.9.39+dfsg.02/w4/parse.c:1263:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "%1.7g", bigfloat) ; sscanf (buf, "%f", &fx) ;
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:116:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[256];
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:119:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prefbuff[256];
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:280:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char namebuff[255];
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:281:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char valbuff[255];
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:301:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(valbuff, "%d", item->value.ival);
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:307:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(valbuff, "%d", item->value.ival);
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:313:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(valbuff, "%f", item->value.fval);
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:333:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[MAXPATHLEN] = "";
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:350:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(filename,".acedbrc");
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:375:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[FIL_BUFFER_SIZE];
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:383:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(filename,"/.acedbrc");
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:446:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(item.name,"OLD_STYLE_MAIN_WINDOW");
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:455:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(item.name,"AUTO_DISPLAY");
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:474:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(item.name,"HORIZONTAL_TREE");
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:483:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(item.name,"ACTION_MENU_IN_TREE_DISPLAY");
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:492:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(item.name,"NO_MESSAGE_WHEN_DISPLAY_BLOCK");
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:516:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(item.name,"TAG_COLOUR_IN_TREE_DISPLAY");
data/acedb-4.9.39+dfsg.02/w4/session.c:1332:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
lockFd = open(filename, O_RDONLY);
data/acedb-4.9.39+dfsg.02/w4/session.c:1349:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
lockFd = open (filename, O_RDWR | O_CREAT | O_SYNC, 0644) ;
data/acedb-4.9.39+dfsg.02/w4/session.c:1823:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char dbname[32] = "";
data/acedb-4.9.39+dfsg.02/w4/session.c:1927:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fullFileName[MAXPATHLEN];
data/acedb-4.9.39+dfsg.02/w4/session.c:2121:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (thisSession.name, "Empty_db") ;
data/acedb-4.9.39+dfsg.02/w4/session.c:2803:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen (name, "a");
data/acedb-4.9.39+dfsg.02/w4/session.c:3524:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char readlock_filename[MAXPATHLEN] = "";
data/acedb-4.9.39+dfsg.02/w4/session.c:3628:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char host_name[100];
data/acedb-4.9.39+dfsg.02/w4/session.c:3649:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(readlock_filename, O_RDWR | O_CREAT | O_SYNC, 0666);
data/acedb-4.9.39+dfsg.02/w4/session.c:3703:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen(readlock_filename, "a");
data/acedb-4.9.39+dfsg.02/w4/session.c:3718:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char host_name[100];
data/acedb-4.9.39+dfsg.02/w4/session.c:3720:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char new_filename[MAXPATHLEN] = "";
data/acedb-4.9.39+dfsg.02/w4/session.c:3801:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lockfile_name[MAXPATHLEN];
data/acedb-4.9.39+dfsg.02/w4/session.c:3805:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_host_name[100];
data/acedb-4.9.39+dfsg.02/w4/status.c:451:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ww[1000] ;
data/acedb-4.9.39+dfsg.02/w4/tabledefio.c:322:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2] ;
data/acedb-4.9.39+dfsg.02/w4/tabledefio.c:554:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char parse_special[24];
data/acedb-4.9.39+dfsg.02/w4/tabledefio.c:582:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (parse_special, "\n\t/@\\"); /* exclude % */
data/acedb-4.9.39+dfsg.02/w4/tabledefio.c:584:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (parse_special, "\n\t/@%\\"); /* include % */
data/acedb-4.9.39+dfsg.02/w4/tabledefio.c:954:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char oneCharBuf[2];
data/acedb-4.9.39+dfsg.02/w4/tabledefsubs.c:565:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c1, c, sizeof(COL)) ;
data/acedb-4.9.39+dfsg.02/w4/update.c:163:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fileName[256] , * fn;
data/acedb-4.9.39+dfsg.02/w5/acache.c:110:37: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
ACACHE up , next ; char format[32] ;
data/acedb-4.9.39+dfsg.02/w5/adisk.c:65:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dbName[32] ; /* added as of release 4.3 */
data/acedb-4.9.39+dfsg.02/w5/adisk.c:73:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[1024] ; /* the actual file name */
data/acedb-4.9.39+dfsg.02/w5/adisk.c:684:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(p->name, "wb") ;
data/acedb-4.9.39+dfsg.02/w5/adisk.c:692:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(p->name, "ab") ;
data/acedb-4.9.39+dfsg.02/w5/adisk.c:730:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
p->r = open(p->name, O_RDONLY | O_BINARY | syncMode, 0);
data/acedb-4.9.39+dfsg.02/w5/adisk.c:740:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
p->w = open(p->name, O_WRONLY | O_BINARY | syncMode, 0);
data/acedb-4.9.39+dfsg.02/w5/disknew.c:167:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostname[LG_NAME]; /* machine on which is the partition */
data/acedb-4.9.39+dfsg.02/w5/disknew.c:168:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fileSystem[LG_NAME]; /* partition file system or "ACEDN if
data/acedb-4.9.39+dfsg.02/w5/disknew.c:170:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fileName[LG_NAME]; /* file name or "NONE" if not a file
data/acedb-4.9.39+dfsg.02/w5/disknew.c:442:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
blockfile = fopen(pnam, "ab");
data/acedb-4.9.39+dfsg.02/w5/disknew.c:453:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
blockfile = fopen(pnam, "wb") ;
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1022:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(partName, mode, 0);
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1050:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
{ memcpy(©Block, bp, sizeof(BLOCK));
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1141:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(partName, O_RDONLY | O_BINARY ,0);
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1256:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open (partitionName, O_RDONLY);
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1473:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pp->hostname, "local");
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1474:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pp->fileSystem, "ACEDB");
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1475:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pp->fileName, "blocks.wrm");
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1608:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fileSystem[256], fileName[256], mapString[256] ;
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1618:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( mapString, "%d %d\n", totalNbPartitions_L, lastPartition_L) ;
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1627:36: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (!strlen(pp->fileSystem)) strcpy(fileSystem, "ACEDB");
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1628:36: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (!strlen(pp->fileName)) strcpy(fileName, "NONE");
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1652:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fileSystem[256], fileName[256];
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1659:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fil = fopen(mapName, "w");
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1684:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(fileSystem, "ACEDB");
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1687:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(fileName, "NONE");
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1730:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pp->hostname, "local");
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1732:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pp->fileName, "blocks.wrm");
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1864:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char error_text[5000] = "";
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1878:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(error_text, "The maximum file size has been exceeded. "
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1883:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(error_text, "The quota of disk-blocks or i-nodes defined for the user "
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1896:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(error_text, "You have reached the soft limit for open files for this process. "
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1901:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(error_text, "The system file table is full\n");
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1913:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(error_text, "The disk access request size was "
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1925:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(error_text, "It seems that the NFS server mounting the database disk has "
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1931:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(error_text, "The NFS server of the database "
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1936:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(error_text, "The network connection to the NFS "
data/acedb-4.9.39+dfsg.02/w5/lexalpha.c:82:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ff[MAXCLASS] ; /* flags the class present in ks */
data/acedb-4.9.39+dfsg.02/w5/lexalpha.c:165:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char isMarked[MAXCLASS] ; /* class changed - rebuild needed */
data/acedb-4.9.39+dfsg.02/w5/lexalpha.c:166:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char isTouched[MAXCLASS] ; /* lexalpha changed - needs saving */
data/acedb-4.9.39+dfsg.02/w5/lexsubs4.c:440:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[24] ;
data/acedb-4.9.39+dfsg.02/w5/lexsubs4.c:441:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "_voc%d", t) ;
data/acedb-4.9.39+dfsg.02/w6/acedbgraph.c:451:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[41];
data/acedb-4.9.39+dfsg.02/w6/acedbgraph.c:724:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[41];
data/acedb-4.9.39+dfsg.02/w6/aqldisp.c:52:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char query[1000];
data/acedb-4.9.39+dfsg.02/w6/asubs.c:279:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(a->base + i*a->size, bp->n, j*a->size) ;
data/acedb-4.9.39+dfsg.02/w6/asubs.c:356:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bp->n, a->base + i*a->size, k*a->size) ;
data/acedb-4.9.39+dfsg.02/w6/asubs.c:512:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (cp, hh->base, hh->max * hh->size) ; cp += 3 * hh->size ;
data/acedb-4.9.39+dfsg.02/w6/asubs.c:513:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (cp, a->base, na * as) ; cp += na * as ;
data/acedb-4.9.39+dfsg.02/w6/asubs.c:514:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (cp, s->a->base, ns) ; cp += ns ;
data/acedb-4.9.39+dfsg.02/w6/asubs.c:548:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (hh->base, cp, 3 * hh->size) ; cp += 3 * hh->size ;
data/acedb-4.9.39+dfsg.02/w6/asubs.c:562:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (a->base, cp, na * as) ; cp += na * as ;
data/acedb-4.9.39+dfsg.02/w6/asubs.c:573:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (s->a->base, cp, ns) ; cp += ns ;
data/acedb-4.9.39+dfsg.02/w6/bsdumps.c:255:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
{ BREAK = atoi(s) ;
data/acedb-4.9.39+dfsg.02/w6/bssubs.c:2658:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zbuf[128] ;
data/acedb-4.9.39+dfsg.02/w6/bssubs.c:2660:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (zbuf, "%1.7g", zf) ; sscanf (zbuf, "%f", &zf) ;
data/acedb-4.9.39+dfsg.02/w6/bstree.c:66:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char BSbuffer[BLOC_SIZE]; /*to allow for the \t*/
data/acedb-4.9.39+dfsg.02/w6/display.c:119:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char title[42], help[32] ;
data/acedb-4.9.39+dfsg.02/w6/display.c:510:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
{ sprintf(new, "%%%2.2X", c);
data/acedb-4.9.39+dfsg.02/w6/dnasubs.c:246:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[FASTA_CHARS + 2] ; /* FastA chars + \n + \0 */
data/acedb-4.9.39+dfsg.02/w6/dnasubs.c:275:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buffer[0], cp, FASTA_CHARS) ;
data/acedb-4.9.39+dfsg.02/w6/dnasubs.c:285:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buffer[0], cp, chars_left) ;
data/acedb-4.9.39+dfsg.02/w6/dnasubs.c:459:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer [4010] ;
data/acedb-4.9.39+dfsg.02/w6/dnasubs.c:550:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dbp[16] ;
data/acedb-4.9.39+dfsg.02/w6/dnasubs.c:632:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char undoublepack[4] ; /* {A_, T_, G_, C_} ; RD must be static to initialise on SGI */
data/acedb-4.9.39+dfsg.02/w6/dnasubs.c:633:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char newundoublepack[4] ; /* {A_, G_, C_, T_} ; RD must be static to initialise on SGI */
data/acedb-4.9.39+dfsg.02/w6/dnasubs.c:1019:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char directory[DIR_BUFFER_SIZE]= "";
data/acedb-4.9.39+dfsg.02/w6/dnasubs.c:1020:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char filename[FIL_BUFFER_SIZE] = "";
data/acedb-4.9.39+dfsg.02/w6/dnasubs.c:1446:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2] ;
data/acedb-4.9.39+dfsg.02/w6/forest.c:110:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mot[1024], *title, cq [20] ;
data/acedb-4.9.39+dfsg.02/w6/forest.c:270:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf [200] ;
data/acedb-4.9.39+dfsg.02/w6/forest.c:1161:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cc, dd[8], ee[8] ;
data/acedb-4.9.39+dfsg.02/w6/ksetdisp.c:131:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txtBuffer[60], queryBuffer[256] ;
data/acedb-4.9.39+dfsg.02/w6/ksetdisp.c:311:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(look->txtBuffer,"%d items %d selected", look->nitem, look->nselected);
data/acedb-4.9.39+dfsg.02/w6/ksetdisp.c:313:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(look->txtBuffer,"%d items %d selected (%d off screen)",
data/acedb-4.9.39+dfsg.02/w6/ksetdisp.c:458:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char directory[DIR_BUFFER_SIZE] = "";
data/acedb-4.9.39+dfsg.02/w6/ksetdisp.c:459:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char filename[FIL_BUFFER_SIZE] = "";
data/acedb-4.9.39+dfsg.02/w6/ksetdisp.c:1744:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char directory[DIR_BUFFER_SIZE] = "";
data/acedb-4.9.39+dfsg.02/w6/ksetdisp.c:1745:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char filename[FIL_BUFFER_SIZE] = "";
data/acedb-4.9.39+dfsg.02/w6/ksetdisp.c:1993:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf,"KeySet Class Information\n");
data/acedb-4.9.39+dfsg.02/w6/longtextdisp.c:193:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char directory[DIR_BUFFER_SIZE] = "";
data/acedb-4.9.39+dfsg.02/w6/longtextdisp.c:194:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char filename[FIL_BUFFER_SIZE] = "";
data/acedb-4.9.39+dfsg.02/w6/longtextdisp.c:527:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char dName[DIR_BUFFER_SIZE]="", filName[FIL_BUFFER_SIZE]="" ;
data/acedb-4.9.39+dfsg.02/w6/nicedump.c:113:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cp, buf[8] ;
data/acedb-4.9.39+dfsg.02/w6/nicedump.c:305:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2] ;
data/acedb-4.9.39+dfsg.02/w6/peptide.c:271:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char C_atoms[26] =
data/acedb-4.9.39+dfsg.02/w6/peptide.c:273:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char H_atoms[26] =
data/acedb-4.9.39+dfsg.02/w6/peptide.c:275:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char N_atoms[26] =
data/acedb-4.9.39+dfsg.02/w6/peptide.c:277:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char O_atoms[26] =
data/acedb-4.9.39+dfsg.02/w6/peptide.c:279:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char S_atoms[26] =
data/acedb-4.9.39+dfsg.02/w6/peptide.c:281:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char Se_atoms[26] =
data/acedb-4.9.39+dfsg.02/w6/peptide.c:532:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[3] ;
data/acedb-4.9.39+dfsg.02/w6/peptide.c:543:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[3] ;
data/acedb-4.9.39+dfsg.02/w6/peptide.c:660:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer [4100] ;
data/acedb-4.9.39+dfsg.02/w6/peptide.c:1122:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char fname[FIL_BUFFER_SIZE]="", dname[DIR_BUFFER_SIZE]="" ;
data/acedb-4.9.39+dfsg.02/w6/peptide.c:1191:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char directory[DIR_BUFFER_SIZE]= "";
data/acedb-4.9.39+dfsg.02/w6/peptide.c:1192:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char filename[FIL_BUFFER_SIZE] = "";
data/acedb-4.9.39+dfsg.02/w6/peptide.c:1207:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf [55] ;
data/acedb-4.9.39+dfsg.02/w6/peptide.c:1444:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[4*4*4+1] ;
data/acedb-4.9.39+dfsg.02/w6/peptide.c:1473:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char xl[3] ;
data/acedb-4.9.39+dfsg.02/w6/peptide.c:1535:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2] ;
data/acedb-4.9.39+dfsg.02/w6/plot.c:45:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char title[48], subtitle[24] ;
data/acedb-4.9.39+dfsg.02/w6/plot.c:46:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fileName[FIL_BUFFER_SIZE] ;
data/acedb-4.9.39+dfsg.02/w6/plot.c:47:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dirName[DIR_BUFFER_SIZE] ;
data/acedb-4.9.39+dfsg.02/w6/plot.c:53:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sBuffer [8], zoneBuffer [24], xBuffer [16], yBuffer [16], stepBuffer [10] ;
data/acedb-4.9.39+dfsg.02/w6/plot.c:137:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (look->xBuffer, "%g", x/look->xDiv) ;
data/acedb-4.9.39+dfsg.02/w6/plot.c:138:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (look->yBuffer, "%g", look->y) ;
data/acedb-4.9.39+dfsg.02/w6/plot.c:920:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(look->sBuffer, "%d", look->s) ;
data/acedb-4.9.39+dfsg.02/w6/plot.c:922:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(look->stepBuffer, "%d", look->step) ;
data/acedb-4.9.39+dfsg.02/w6/plot.c:926:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(look->zoneBuffer, "%d %d", zoneMin, zoneMax) ;
data/acedb-4.9.39+dfsg.02/w6/plot2d.c:46:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char title[48], subtitleX[24], subtitleY[24] ;
data/acedb-4.9.39+dfsg.02/w6/plot2d.c:58:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char xBuffer [16], yBuffer [16] ;
data/acedb-4.9.39+dfsg.02/w6/plot2d.c:246:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (p2d->xBuffer, "%g", p2d->x) ;
data/acedb-4.9.39+dfsg.02/w6/plot2d.c:247:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (p2d->yBuffer, "%g", p2d->y) ;
data/acedb-4.9.39+dfsg.02/w6/prefdisp.c:217:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if (strcmp((char *)prefvalue, prefDispValue[i].sval) != 0)
data/acedb-4.9.39+dfsg.02/w6/qbedisp.c:110:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[BUFFER_SIZE]; /* tag name or entry value */
data/acedb-4.9.39+dfsg.02/w6/qbedisp.c:143:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char item_buffer[BUFFER_SIZE] ;
data/acedb-4.9.39+dfsg.02/w6/qbedisp.c:153:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char qbe_class_buffer[BUFFER_SIZE];
data/acedb-4.9.39+dfsg.02/w6/qbedisp.c:336:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(classesMenu->text, "CLASSES");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:90:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char preclass_entry[BUFFER_SIZE]; /* is Find/>? or Follow/> or text srch */
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:91:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char preclass_syntax[BUFFER_SIZE];
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:93:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char classtag_entry[BUFFER_SIZE];
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:94:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char classtag_syntax[BUFFER_SIZE];
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:109:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char resbuffer[QBUFF_MULT*BUFFER_SIZE]; /* for forming query commands */
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:290:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(result, " = ");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:302:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(result, " ! ") ;
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:308:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(result, " COUNT ") ;
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:379:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ARR2STRING(qbuild->entries, i), "END");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:403:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(qbuild->preclass_syntax, "Find ");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:416:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(qbuild->preclass_syntax, "Follow ");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:427:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(qbuild->preclass_syntax, "Find ");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:429:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(qbuild->preclass_syntax, " ; Follow ");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:472:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(qbuild->classtag_syntax, "Text");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:525:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(qbuild->classtag_entry, "ANY CLASS");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:526:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(qbuild->classtag_syntax,"Text");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:527:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ARR2STRING(qbuild->entries, ATTRIBUTE), "ANY TAG");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:528:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ARR2STRING(qbuild->entries, CONDITION), "contains");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:529:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ARR2STRING(qbuild->entries, CONJUNCTION), "END");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:716:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(syntax_c, "!=");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:722:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(syntax_c, ">=");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:728:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(syntax_c, "<=");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:894:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(entry_j, "END");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:908:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(entry_j, "and");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:973:8: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ARR2STRING(qbuild->entries, i), "END");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:986:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(entry_j, "END");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:1286:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(preclassMenu->text, "DATA TYPE");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:1293:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((preclassMenu + i)->text, "ALL DATA");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:1295:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((preclassMenu + i)->text, "KEYSET");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:1324:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(newMenu->text, "TAGS IN CLASS");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:1331:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((newMenu + i)->text, "USE TREE TAG CHOOSER");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:1345:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(newMenu->text, "CLASSES");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:1352:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((newMenu + i)->text, "ANY CLASS");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:1354:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((newMenu + i)->text, "KEYSET's");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:1422:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(newMenu->text, "ATTRIBUTES");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:1428:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((newMenu + 1)->text, "ANY TAG");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:1436:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((newMenu + i)->text, "USE TREE TAG CHOOSER");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:1438:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((newMenu + i)->text, "ITEM NAME");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:1934:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(qbuild->preclass_entry, "ALL DATA");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:1935:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(qbuild->preclass_syntax, "Find ");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:1937:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(qbuild->classtag_entry, "ANY CLASS");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:1938:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(qbuild->classtag_syntax, "Text");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:1940:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ARR2STRING(qbuild->entries, ATTRIBUTE), "ANY TAG");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:1941:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ARR2STRING(qbuild->entries, CONDITION), "contains");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:1942:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ARR2STRING(qbuild->entries, CONJUNCTION), "END");
data/acedb-4.9.39+dfsg.02/w6/querydisp.c:68:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dirName[DIR_BUFFER_SIZE] ;
data/acedb-4.9.39+dfsg.02/w6/querydisp.c:69:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fileName[FIL_BUFFER_SIZE] ;
data/acedb-4.9.39+dfsg.02/w6/querydisp.c:117:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char auto_filename[FILENAME_SIZE];
data/acedb-4.9.39+dfsg.02/w6/sessiondisp.c:644:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (stnew, st, sizeof(ST));
data/acedb-4.9.39+dfsg.02/w6/sessiondisp.c:671:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char letter[2];
data/acedb-4.9.39+dfsg.02/w6/smap.c:2587:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer [8000] ;
data/acedb-4.9.39+dfsg.02/w6/smap.c:2632:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
cq += sprintf(cq, "%5d ", start);
data/acedb-4.9.39+dfsg.02/w6/tabledisp.c:573:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char line[1001];
data/acedb-4.9.39+dfsg.02/w6/tabledisp.c:586:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(&line[maxLength-3], "...");
data/acedb-4.9.39+dfsg.02/w6/tabledisp.c:877:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char directory[DIR_BUFFER_SIZE]="";
data/acedb-4.9.39+dfsg.02/w6/tabledisp.c:878:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char filename[FIL_BUFFER_SIZE]="";
data/acedb-4.9.39+dfsg.02/w6/tablemakerdisp.c:82:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dirSelection[DIR_BUFFER_SIZE];
data/acedb-4.9.39+dfsg.02/w6/tablemakerdisp.c:83:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fileSelection[FIL_BUFFER_SIZE];
data/acedb-4.9.39+dfsg.02/w6/treedisp.c:1126:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char directory[DIR_BUFFER_SIZE] = "" ;
data/acedb-4.9.39+dfsg.02/w6/treedisp.c:1127:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char filename[FIL_BUFFER_SIZE] = "object" ;
data/acedb-4.9.39+dfsg.02/w7/alignmentdisp.c:77:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char directory[DIR_BUFFER_SIZE] = "";
data/acedb-4.9.39+dfsg.02/w7/alignmentdisp.c:78:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char filename[FIL_BUFFER_SIZE] = "";
data/acedb-4.9.39+dfsg.02/w7/biblio.c:727:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char author [200] ;
data/acedb-4.9.39+dfsg.02/w7/biblio.c:926:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char author [200] ;
data/acedb-4.9.39+dfsg.02/w7/cmapdisp.c:64:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[32] ;
data/acedb-4.9.39+dfsg.02/w7/cmapdisp.c:1476:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char directory[DIR_BUFFER_SIZE] = "";
data/acedb-4.9.39+dfsg.02/w7/cmapdisp.c:1477:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char filename[FIL_BUFFER_SIZE] = "";
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:217:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char title[BUF_WIDTH],
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:251:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char messageText[BUF_WIDTH] ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:609:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(look->title,"Taxonomy ") ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:614:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(look->title,"DNA Sequence Phylogeny ") ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:619:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(look->title,"Protein Sequence Phylogeny ") ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:624:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(look->title,"Cell Lineage ") ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:629:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(look->title,"Dendrogram ") ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:1514:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ang[16], arc[16] ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:1698:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nfacbuf[16] ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:2949:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char brMax[30], brNormal[30], numLeaves[16], scale[24] ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:3119:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char dirName[DIR_BUFFER_SIZE] = "",
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:3439:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char treeObjName[BUFSZ] = "";
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:3451:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[BUFSZ+1] ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:3507:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[BUFSZ+1] ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:3526:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char rankName[BUFSZ+1] ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:3527:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char taxonName[BUFSZ+1] ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:3626:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char nbuf[BUFSZ+1] ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:3733:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *name, label[BUFSZ+1],
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:3897:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c, *label, listname[BUFSZ+1],
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:4092:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(treeObjName,"Dendrogram") ;
data/acedb-4.9.39+dfsg.02/w7/dnacpt.c:100:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char restriction [BOX_LENGTH + 1] ;
data/acedb-4.9.39+dfsg.02/w7/dnacpt.c:101:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char restriction2 [BOX_LENGTH + 1] ;
data/acedb-4.9.39+dfsg.02/w7/dnacpt.c:531:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char mycolor[5] , *cp = mycolor ;
data/acedb-4.9.39+dfsg.02/w7/dnacpt.c:585:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char matchString[256] ;
data/acedb-4.9.39+dfsg.02/w7/dnacpt.c:1294:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char directory[DIR_BUFFER_SIZE] = "";
data/acedb-4.9.39+dfsg.02/w7/dnacpt.c:1295:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char filename[FIL_BUFFER_SIZE] = "";
data/acedb-4.9.39+dfsg.02/w7/dnacpt.c:1404:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(dnacpt->restriction,"%d sites", n) ;
data/acedb-4.9.39+dfsg.02/w7/dnacpt.c:1538:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char fname[FIL_BUFFER_SIZE]="", dname[DIR_BUFFER_SIZE]="" ;
data/acedb-4.9.39+dfsg.02/w7/dnacpt.c:1548:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cq[12] ;
data/acedb-4.9.39+dfsg.02/w7/dnacpt.c:1716:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char fileName[FIL_BUFFER_SIZE]="",dirName[DIR_BUFFER_SIZE]="" ;
data/acedb-4.9.39+dfsg.02/w7/dnacpt.c:1718:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256] ;
data/acedb-4.9.39+dfsg.02/w7/dnacpt.c:2004:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[5] ;
data/acedb-4.9.39+dfsg.02/w7/dnacpt.c:2077:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ int i, n = 0, nn = 0 ; char buf[4] ;
data/acedb-4.9.39+dfsg.02/w7/dnacpt.c:2128:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[40] ;
data/acedb-4.9.39+dfsg.02/w7/dnacpt.c:2387:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
codeFile = fopen ("coding.seq","w") ;
data/acedb-4.9.39+dfsg.02/w7/dnacpt.c:2388:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
exonFile = fopen ("exons.seq","w") ;
data/acedb-4.9.39+dfsg.02/w7/dnacpt.c:2855:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256] ;
data/acedb-4.9.39+dfsg.02/w7/dnacpt.c:3026:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char directory[DIR_BUFFER_SIZE] = "";
data/acedb-4.9.39+dfsg.02/w7/dnacpt.c:3027:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char filename[FIL_BUFFER_SIZE] = "";
data/acedb-4.9.39+dfsg.02/w7/drawdisp.c:73:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char imageFileName[256] ;
data/acedb-4.9.39+dfsg.02/w7/fmap_.h:408:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char originBuf[24], zoneBuf[24], oligoNameBuffer [16] ;
data/acedb-4.9.39+dfsg.02/w7/fmap_.h:409:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char segNameBuf[64], segTextBuf[512] ;
data/acedb-4.9.39+dfsg.02/w7/fmapblast.c:192:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2] ;
data/acedb-4.9.39+dfsg.02/w7/fmapblast.c:240:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2] ;
data/acedb-4.9.39+dfsg.02/w7/fmapcdna.c:1556:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ss1, arrp(dnaEst, 0, char), arrayMax(dnaEst)) ;
data/acedb-4.9.39+dfsg.02/w7/fmapcdna.c:1558:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ss2, arrp(dnaGene, 0, char), arrayMax(dnaGene)) ;
data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c:1387:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char directory[DIR_BUFFER_SIZE] = "";
data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c:1388:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char filename[FIL_BUFFER_SIZE] = "";
data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c:1515:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(look->segTextBuf, "%d", (int)GRAPH2MAP(fMapGetMap(look),y));
data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c:3070:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(look->mainMenu, fMapMenu, FMAPMENU_SIZE) ;
data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c:4045:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(look->segTextBuf, "Confirmed") ;
data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c:5097:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char directory[DIR_BUFFER_SIZE] = "";
data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c:5098:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char filename[FIL_BUFFER_SIZE] = "";
data/acedb-4.9.39+dfsg.02/w7/fmapfeatures.c:889:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char fname[FIL_BUFFER_SIZE]="", dname[DIR_BUFFER_SIZE]="" ;
data/acedb-4.9.39+dfsg.02/w7/fmapfeatures.c:2271:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (msp->qframe, "(+%d)",
data/acedb-4.9.39+dfsg.02/w7/fmapfeatures.c:2274:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (msp->qframe, "(-%d)",
data/acedb-4.9.39+dfsg.02/w7/fmapfeatures.c:2293:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (msp->qframe, "(+1)") ;
data/acedb-4.9.39+dfsg.02/w7/fmapfeatures.c:2295:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (msp->qframe, "(-1)") ;
data/acedb-4.9.39+dfsg.02/w7/fmapfeatures.c:3734:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char dirName[DIR_BUFFER_SIZE] ="", fileName[FIL_BUFFER_SIZE]="";
data/acedb-4.9.39+dfsg.02/w7/fmapfeatures.c:4807:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[50+1] = "pfetch";
data/acedb-4.9.39+dfsg.02/w7/fmapfeatures.c:4808:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char title[50+1];
data/acedb-4.9.39+dfsg.02/w7/fmapgene.c:171:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char parmsName[64] = "" ;
data/acedb-4.9.39+dfsg.02/w7/fmapgene.c:1016:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char newMethodName[64] ;
data/acedb-4.9.39+dfsg.02/w7/fmapgene.c:2032:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char classtype[40],format[15];
data/acedb-4.9.39+dfsg.02/w7/fmapmenes.c:72:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char question [1024] ;
data/acedb-4.9.39+dfsg.02/w7/fmapmenes.c:95:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c, color, mycolor[5] , *cp = mycolor,
data/acedb-4.9.39+dfsg.02/w7/fmapmenes.c:104:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2] ;
data/acedb-4.9.39+dfsg.02/w7/fmapmenes.c:547:19: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (!*question) strcpy (question, "[0,]n ") ;
data/acedb-4.9.39+dfsg.02/w7/fmaposp.c:1419:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char oligoName [35], oligoNameBegin [25] ;
data/acedb-4.9.39+dfsg.02/w7/fmaposp.c:1500:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char oligoName [16] ;
data/acedb-4.9.39+dfsg.02/w7/fmapsequence.c:193:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char letter[2] ;
data/acedb-4.9.39+dfsg.02/w7/fmapsequence.c:1178:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char fname[FIL_BUFFER_SIZE]="", dname[DIR_BUFFER_SIZE]="" ;
data/acedb-4.9.39+dfsg.02/w7/fmapstatus.c:72:59: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
{ if (*x < CSM-0.3) {*x = CSM-0.3;tcolor = DARKRED; strcpy(buf,"sb");} }
data/acedb-4.9.39+dfsg.02/w7/fmapstatus.c:78:58: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
{ if (*x < CSM-1.2) {*x = CSM-1.2;tcolor = YELLOW; strcpy(buf,"sc");} }
data/acedb-4.9.39+dfsg.02/w7/fmapstatus.c:308:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[25], buf[25] ;
data/acedb-4.9.39+dfsg.02/w7/fmapstatus.c:350:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "%d", click);
data/acedb-4.9.39+dfsg.02/w7/fmapstatus.c:352:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buf, "none");
data/acedb-4.9.39+dfsg.02/w7/fmapstatus.c:355:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buf, "none");
data/acedb-4.9.39+dfsg.02/w7/fmapstatus.c:394:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char foo[2];
data/acedb-4.9.39+dfsg.02/w7/fpdisp.c:78:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char fpRoundingBuffer[5] ;
data/acedb-4.9.39+dfsg.02/w7/fpdisp.c:120:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char fileName[FIL_BUFFER_SIZE] = "";
data/acedb-4.9.39+dfsg.02/w7/fpdisp.c:121:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char dirName[DIR_BUFFER_SIZE] = "";
data/acedb-4.9.39+dfsg.02/w7/fpdisp.c:743:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fpRoundingBuffer, "%g", rounding) ;
data/acedb-4.9.39+dfsg.02/w7/fpdisp.c:1122:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fpRoundingBuffer, "%g", rounding) ;
data/acedb-4.9.39+dfsg.02/w7/geldisp.c:60:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char positionBuffer [10] ;
data/acedb-4.9.39+dfsg.02/w7/gmapconvert.c:59:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char buf[100];
data/acedb-4.9.39+dfsg.02/w7/gmapconvert.c:80:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char buf[100];
data/acedb-4.9.39+dfsg.02/w7/gmapconvert.c:90:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char buf[100];
data/acedb-4.9.39+dfsg.02/w7/gmapconvert.c:94:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "FIND gMap ");
data/acedb-4.9.39+dfsg.02/w7/gmapconvert.c:96:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, ".*");
data/acedb-4.9.39+dfsg.02/w7/gmapdisp.c:201:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cp , buffer[41] ;
data/acedb-4.9.39+dfsg.02/w7/gmapintervalcol.c:827:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char query[280],tag[30];
data/acedb-4.9.39+dfsg.02/w7/gmapintervalcol.c:831:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *temp[NLINES];
data/acedb-4.9.39+dfsg.02/w7/gmaplocuscol.c:314:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[180];
data/acedb-4.9.39+dfsg.02/w7/gmaplocuscol.c:382:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[280];
data/acedb-4.9.39+dfsg.02/w7/gmaplocuscol.c:571:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char query[280];
data/acedb-4.9.39+dfsg.02/w7/gmaplocuscol.c:576:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char text[280];
data/acedb-4.9.39+dfsg.02/w7/gmaplocuscol.c:580:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char query[280];
data/acedb-4.9.39+dfsg.02/w7/gmapposnegcol.c:330:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char a[2];
data/acedb-4.9.39+dfsg.02/w7/gmapposnegcol.c:466:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char query[280];
data/acedb-4.9.39+dfsg.02/w7/gmapremarkcol.c:353:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char buff[1000];
data/acedb-4.9.39+dfsg.02/w7/gmapremarkcol.c:399:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char query[280];
data/acedb-4.9.39+dfsg.02/w7/gmapremarkcol.c:402:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *temp[5];
data/acedb-4.9.39+dfsg.02/w7/gmapsubmapcol.c:524:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str1[200];
data/acedb-4.9.39+dfsg.02/w7/gmapsubmapcol.c:554:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str1,"subs.marker.%d", i);
data/acedb-4.9.39+dfsg.02/w7/gmapsubmapcol.c:606:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
{ sprintf(str1,"subs.marker.%d", i);
data/acedb-4.9.39+dfsg.02/w7/gmapsubmapcol.c:934:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char lociQuery[280],intQuery[280];
data/acedb-4.9.39+dfsg.02/w7/griddisp.c:109:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char genXLabel[32], genYLabel[32] ; /* Martin Ferguson, for generic grid
data/acedb-4.9.39+dfsg.02/w7/griddisp.c:113:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char selectName[64] ;
data/acedb-4.9.39+dfsg.02/w7/griddisp.c:114:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char probeName[64] ;
data/acedb-4.9.39+dfsg.02/w7/griddisp.c:115:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char probeClassName[64] ;
data/acedb-4.9.39+dfsg.02/w7/griddisp.c:120:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reportBuffer[GRID_REPORT_BOX_LEN] ;
data/acedb-4.9.39+dfsg.02/w7/griddisp.c:388:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[15],colchar[2],rowchar[2];
data/acedb-4.9.39+dfsg.02/w7/griddisp.c:414:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
xstart = atoi(&look->genXLabel[0]) ;
data/acedb-4.9.39+dfsg.02/w7/griddisp.c:415:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
xend = atoi(&look->genXLabel[3]) ;
data/acedb-4.9.39+dfsg.02/w7/griddisp.c:417:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ystart = atoi(&look->genYLabel[0]) ;
data/acedb-4.9.39+dfsg.02/w7/griddisp.c:418:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
yend = atoi(&look->genYLabel[3]) ;
data/acedb-4.9.39+dfsg.02/w7/griddisp.c:441:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(colchar,"%c",row[k]);
data/acedb-4.9.39+dfsg.02/w7/griddisp.c:443:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(colchar,"%d",k+1);
data/acedb-4.9.39+dfsg.02/w7/griddisp.c:446:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(rowchar,"%c",row[i]);
data/acedb-4.9.39+dfsg.02/w7/griddisp.c:448:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(rowchar,"%d",i+1);
data/acedb-4.9.39+dfsg.02/w7/griddisp.c:2201:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
xstart = atoi(&look->genXLabel[0]) ;
data/acedb-4.9.39+dfsg.02/w7/griddisp.c:2202:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
xend = atoi(&look->genXLabel[3]) ;
data/acedb-4.9.39+dfsg.02/w7/griddisp.c:2204:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ystart = atoi(&look->genYLabel[0]) ;
data/acedb-4.9.39+dfsg.02/w7/griddisp.c:2205:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
yend = atoi(&look->genYLabel[3]) ;
data/acedb-4.9.39+dfsg.02/w7/griddisp.c:3003:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char directory[DIR_BUFFER_SIZE] = "";
data/acedb-4.9.39+dfsg.02/w7/griddisp.c:3004:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char filename[FIL_BUFFER_SIZE] = "";
data/acedb-4.9.39+dfsg.02/w7/mapcontrol.c:72:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAP_NAME_BUFLEN] ; /* String title of column */
data/acedb-4.9.39+dfsg.02/w7/metab.c:1711:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char buf[300];
data/acedb-4.9.39+dfsg.02/w7/method.c:902:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2];
data/acedb-4.9.39+dfsg.02/w7/pepdisp.c:446:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[1000]; /* for the name */
data/acedb-4.9.39+dfsg.02/w7/pepfeaturecol.c:186:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char query[280];
data/acedb-4.9.39+dfsg.02/w7/pepgraphcol.c:152:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char numBuff[10];
data/acedb-4.9.39+dfsg.02/w7/pepgraphcol.c:179:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (sprintf(numBuff, "%.1f", private->minval))
data/acedb-4.9.39+dfsg.02/w7/pepgraphcol.c:181:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (sprintf(numBuff, "%.1f", private->maxval))
data/acedb-4.9.39+dfsg.02/w7/pephomolcol.c:388:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(msp->qframe, "(+1)");
data/acedb-4.9.39+dfsg.02/w7/pepseqcol.c:544:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str2[4];
data/acedb-4.9.39+dfsg.02/w7/pmapdisp.c:719:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1000] ;
data/acedb-4.9.39+dfsg.02/w7/pmapdisp.c:1002:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char boxInfoBuf[256] ;
data/acedb-4.9.39+dfsg.02/w7/pmapdisp.c:1162:8: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (boxInfoBuf, "Cosmid ") ;
data/acedb-4.9.39+dfsg.02/w7/pmapdisp.c:1164:8: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (boxInfoBuf, "YAC ") ;
data/acedb-4.9.39+dfsg.02/w7/pmapdisp.c:1166:8: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (boxInfoBuf, "cDNA ") ;
data/acedb-4.9.39+dfsg.02/w7/pmapdisp.c:1168:8: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (boxInfoBuf, "Fosmid ") ;
data/acedb-4.9.39+dfsg.02/w7/pmapdisp.c:1171:10: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
{ strcat (boxInfoBuf, "Fingerprinted ") ;
data/acedb-4.9.39+dfsg.02/w7/pmapdisp.c:1188:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
{ strcat (boxInfoBuf, "On_cosmid_grid ") ;
data/acedb-4.9.39+dfsg.02/w7/pmapdisp.c:1195:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
{ strcat (boxInfoBuf, "Sequenced") ;
data/acedb-4.9.39+dfsg.02/w7/pmapdisp.c:1204:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (boxInfoBuf, "Probe") ;
data/acedb-4.9.39+dfsg.02/w7/pmapdisp.c:1221:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (boxInfoBuf, "YAC") ;
data/acedb-4.9.39+dfsg.02/w7/smapconvert.c:839:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char CLMethod[255+1]; /* Command Line method */
data/acedb-4.9.39+dfsg.02/w7/smapconvert.c:2686:8: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(string, ": ");
data/acedb-4.9.39+dfsg.02/w7/vmap_.h:57:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char messageText[128] ;
data/acedb-4.9.39+dfsg.02/w8/aligntools.c:74:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char u[9] ;
data/acedb-4.9.39+dfsg.02/w8/aligntools.c:549:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[33] ;
data/acedb-4.9.39+dfsg.02/w8/aligntools.c:765:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char *cp, *cq, *cp0, *cq0, *vp1, *vp2, *cr, mycolor[5] ;
data/acedb-4.9.39+dfsg.02/w8/basecallstat.c:629:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char u[9] ;
data/acedb-4.9.39+dfsg.02/w8/chronoorder.c:75:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tBuffer[8] , t1Buffer[8] , t2Buffer[8] ;
data/acedb-4.9.39+dfsg.02/w8/chronoorder.c:385:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tBuffer,"%d",(int)(100*t + .1)) ;
data/acedb-4.9.39+dfsg.02/w8/chronoorder.c:390:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(t1Buffer,"%d",(int)(100*t1 + .1)) ;
data/acedb-4.9.39+dfsg.02/w8/chronoorder.c:395:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(t2Buffer,"%d",(int)(100*t2 + .1)) ;
data/acedb-4.9.39+dfsg.02/w8/chronoorder.c:429:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dirname[DIR_BUFFER_SIZE], filname[FIL_BUFFER_SIZE] ;
data/acedb-4.9.39+dfsg.02/w8/chronoorder.c:436:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(filname,"chrono") ;
data/acedb-4.9.39+dfsg.02/w8/defcpt.c:1172:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(look->distance, "%f", lambda) ;
data/acedb-4.9.39+dfsg.02/w8/defcpt.c:1214:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[140] ;
data/acedb-4.9.39+dfsg.02/w8/defcpt.c:1544:55: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void defCptDoExportOrder(DEFCPT look, FILE *f, char buf[81])
data/acedb-4.9.39+dfsg.02/w8/defcpt.c:1605:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cp, buf[81], filname[FIL_BUFFER_SIZE] ;
data/acedb-4.9.39+dfsg.02/w8/defcpt.c:1610:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(filname, "best.tree") ;
data/acedb-4.9.39+dfsg.02/w8/defcpt.c:1648:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cp, buf[81], *buf2, *tmpName = 0 ;
data/acedb-4.9.39+dfsg.02/w8/defcpt.c:1808:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (look->nboligo, "%d", i) ;
data/acedb-4.9.39+dfsg.02/w8/defcpt.c:2162:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1000] ;
data/acedb-4.9.39+dfsg.02/w8/defcpt.c:2166:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "How many oligos do you want") ;
data/acedb-4.9.39+dfsg.02/w8/defcpt.c:2178:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(look->nboligo, "%d", i) ;
data/acedb-4.9.39+dfsg.02/w8/defcpt.c:2244:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(look->choix, "%d", mu) ;
data/acedb-4.9.39+dfsg.02/w8/defcpt.c:3064:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (cq, "-active") ;
data/acedb-4.9.39+dfsg.02/w8/defcpt.c:3443:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char directory[DIR_BUFFER_SIZE] = "";
data/acedb-4.9.39+dfsg.02/w8/defcpt.c:3444:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char filename[FIL_BUFFER_SIZE] = "";
data/acedb-4.9.39+dfsg.02/w8/defcpt.c:3473:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char fileName[FIL_BUFFER_SIZE], dirName[DIR_BUFFER_SIZE] ;
data/acedb-4.9.39+dfsg.02/w8/defcpt.c:3497:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(look->nboligo, "%d", (int)2) ;
data/acedb-4.9.39+dfsg.02/w8/defcpt.c:3498:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(look->choix, "%d", (int)3) ;
data/acedb-4.9.39+dfsg.02/w8/defcpt.c:3836:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(look->distance, "%f", (float)1.) ;
data/acedb-4.9.39+dfsg.02/w8/dnaalign.c:70:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char u[9] ;
data/acedb-4.9.39+dfsg.02/w8/dnaalign.c:107:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char a[13] ;
data/acedb-4.9.39+dfsg.02/w8/dnaalign.c:109:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b[16] ;
data/acedb-4.9.39+dfsg.02/w8/dnaalign.c:327:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cdep, buf[60] ;
data/acedb-4.9.39+dfsg.02/w8/dnaalign.c:400:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "You are asking for too many oligos (%d), please confirm", nbolig) ;
data/acedb-4.9.39+dfsg.02/w8/dnaalign.c:414:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(look->nboligo, "%d", nbolig) ;
data/acedb-4.9.39+dfsg.02/w8/dnaalign.c:785:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char base[16] ;
data/acedb-4.9.39+dfsg.02/w8/dnaalign.c:985:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[20] ;
data/acedb-4.9.39+dfsg.02/w8/dnaalign.c:1026:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
{ sprintf(buff, "_segment_%d.%d.%d", look->id, look->tour, segstep++) ;
data/acedb-4.9.39+dfsg.02/w8/dnaalign.c:1339:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[64] ;
data/acedb-4.9.39+dfsg.02/w8/dnaalign.c:1353:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
{ sprintf(buff, "_segment_%d.%d.%d", look->id, look->tour, jstep++) ;
data/acedb-4.9.39+dfsg.02/w8/dnaalign.c:1498:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128], buf2[128] ;
data/acedb-4.9.39+dfsg.02/w8/dnaalign.c:1550:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cq0, buf[256] ;
data/acedb-4.9.39+dfsg.02/w8/dnaalign.c:1629:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[255] ;
data/acedb-4.9.39+dfsg.02/w8/dnaalign.c:1700:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[255], buff[255] ;
data/acedb-4.9.39+dfsg.02/w8/dnaalign.c:1880:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cp, *cq, buff[12] ;
data/acedb-4.9.39+dfsg.02/w8/dnaalign.c:1946:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buff, "_paire%d", num++) ;
data/acedb-4.9.39+dfsg.02/w8/dnaalign.c:2421:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nom[48] ;
data/acedb-4.9.39+dfsg.02/w8/dnaalign.c:2450:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(nom, "_segment_%d.%d", id, isTour) ;
data/acedb-4.9.39+dfsg.02/w8/dnaalign.c:2897:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[40], *cp, *cq ;
data/acedb-4.9.39+dfsg.02/w9/asn.c:86:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char gChromosome[10]; /* Chromosome name */
data/acedb-4.9.39+dfsg.02/w9/asn.c:87:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char gSequence[128]; /* Current sequence name */
data/acedb-4.9.39+dfsg.02/w9/asn.c:88:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char gRawClone[128]; /* Unadulterated clone name */
data/acedb-4.9.39+dfsg.02/w9/asn.c:89:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char gClone[128]; /* Current clone name */
data/acedb-4.9.39+dfsg.02/w9/asn.c:90:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char gClonePat[128]; /* Current clone+gene name pattern */
data/acedb-4.9.39+dfsg.02/w9/asn.c:91:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char gRawClonePat[128]; /* Current clone+gene name pattern */
data/acedb-4.9.39+dfsg.02/w9/asn.c:92:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char gCloneType[128]; /* Current clone type */
data/acedb-4.9.39+dfsg.02/w9/asn.c:93:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char gLibrary[128]; /* Library */
data/acedb-4.9.39+dfsg.02/w9/asn.c:94:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char keyword[10][256]; /* keywords */
data/acedb-4.9.39+dfsg.02/w9/asn.c:95:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char gMapPosition[128]; /* Map position, xq28 */
data/acedb-4.9.39+dfsg.02/w9/asn.c:96:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char gLocus[256]; /* Current locus name */
data/acedb-4.9.39+dfsg.02/w9/asn.c:98:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char gBuf[32000]; /* All-purpose char buffer */
data/acedb-4.9.39+dfsg.02/w9/asn.c:135:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char a[256];
data/acedb-4.9.39+dfsg.02/w9/asn.c:286:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lastname[80];
data/acedb-4.9.39+dfsg.02/w9/asn.c:287:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char firstini[80];
data/acedb-4.9.39+dfsg.02/w9/asn.c:327:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(gBuf,"2.2 Mb of contiguous nucleotide sequence from chromosome III of C. elegans");
data/acedb-4.9.39+dfsg.02/w9/asn.c:401:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(gBuf,"The C. briggsae Genome Sequencing Project");
data/acedb-4.9.39+dfsg.02/w9/asn.c:428:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lastname[30];
data/acedb-4.9.39+dfsg.02/w9/asn.c:429:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char firstini[30];
data/acedb-4.9.39+dfsg.02/w9/asn.c:430:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char journbuf[128];
data/acedb-4.9.39+dfsg.02/w9/asn.c:431:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pagesbuf[128];
data/acedb-4.9.39+dfsg.02/w9/asn.c:432:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char volumbuf[128];
data/acedb-4.9.39+dfsg.02/w9/asn.c:433:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char titlebuf[512];
data/acedb-4.9.39+dfsg.02/w9/asn.c:556:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char trna_codon[32]; /* trna codon (gca, etc.) */
data/acedb-4.9.39+dfsg.02/w9/asn.c:557:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rnaname[32]; /* rna/trna name */
data/acedb-4.9.39+dfsg.02/w9/asn.c:558:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char trna_AA[32]; /* trna amino acid (A, etc.) */
data/acedb-4.9.39+dfsg.02/w9/asn.c:559:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gene[256]; /* name of gene (locus or subsequence) */
data/acedb-4.9.39+dfsg.02/w9/asn.c:650:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(rnaname,"tRNA-Sup (putative)");
data/acedb-4.9.39+dfsg.02/w9/asn.c:726:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
gbp += sprintf(gbp, " (NID:g%lu)", nid);
data/acedb-4.9.39+dfsg.02/w9/asn.c:732:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
gbp += sprintf(gbp, " (NID:g%lu)", nid);
data/acedb-4.9.39+dfsg.02/w9/asn.c:737:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
gbp += sprintf(gbp, " (NID:g%lu)", nid);
data/acedb-4.9.39+dfsg.02/w9/asn.c:758:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
gbp += sprintf(gbp,
data/acedb-4.9.39+dfsg.02/w9/asn.c:1161:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ftype[128];
data/acedb-4.9.39+dfsg.02/w9/asn.c:1162:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ntxt[256];
data/acedb-4.9.39+dfsg.02/w9/asn.c:1163:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char slashname[256];
data/acedb-4.9.39+dfsg.02/w9/asn.c:1191:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(slashname, mtxt+1, cp-mtxt-1);
data/acedb-4.9.39+dfsg.02/w9/asn.c:1214:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(slashname, "note");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1222:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(slashname, "rpt_family");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1270:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qtxt[2176];
data/acedb-4.9.39+dfsg.02/w9/asn.c:1271:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ftype[128];
data/acedb-4.9.39+dfsg.02/w9/asn.c:1297:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(qtxt, "CpG_island ");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1367:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char namebuf1[64]; /* Last name or first initial */
data/acedb-4.9.39+dfsg.02/w9/asn.c:1368:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char namebuf2[64]; /* Last name or first initial */
data/acedb-4.9.39+dfsg.02/w9/asn.c:1435:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(gCloneType,"clone");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1443:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(gLibrary,"library");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1452:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(gMapPosition,"map_position");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1483:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(gChromosome,"XII");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1495:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(gChromosome,"unknown");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1594:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(gBuf,"Eukaryota; Plantae; Thallobionta; Eumycota; ");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1595:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(gBuf,"Hemiascomycetes; Endomycetales; Saccharomycetaceae");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1605:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(gBuf," Submitted by: ~");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1606:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(gBuf," Genome Sequencing Center ~");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1607:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(gBuf," Department of Genetics, Washington University, ~");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1608:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(gBuf," St. Louis, MO 63110, USA~");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1609:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(gBuf," e-mail: mj@sequencer.wustl.edu~");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1612:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(gBuf, "~\n NEIGHBORING COSMID INFORMATION:\n");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1618:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(gBuf+strlen(gBuf), "~\"TSL\" = trans-spliced leader.");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1642:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(gBuf,"Eukaryota; Animalia; Eumetazoa; Nematoda; Secernentea; ");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1643:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(gBuf,"Rhabditida; Rhabditina; Rhabditoidea; Rhabditidae.");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1652:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(gBuf,"Submitted by: ~");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1653:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(gBuf," Genome Sequencing Center ~");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1654:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(gBuf," Department of Genetics, Washington University, ~");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1655:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(gBuf," St. Louis, MO 63110, USA ~");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1656:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(gBuf," e-mail: mmarra@watson.wustl.edu ~");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1659:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(gBuf, "~~ NEIGHBORING COSMID INFORMATION:~");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1667:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(gBuf+strlen(gBuf), " ~ ~NOTES:~~Coding sequences below are predicted from");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1668:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(gBuf+strlen(gBuf), " computer analysis, using the program Genefinder");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1669:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(gBuf+strlen(gBuf), "(P. Green and L. Hillier, ms in preparation).");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1673:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(gBuf+strlen(gBuf), "~\"TSL\" = trans-spliced leader.");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1694:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(gBuf,"Eukaryota; Animalia; Eumetazoa; Nematoda; Secernentea; ");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1695:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(gBuf,"Rhabditida; Rhabditina; Rhabditoidea; Rhabditidae.");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1704:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(gBuf,"Submitted by: ~");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1705:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(gBuf," Genome Sequencing Center ~");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1706:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(gBuf," Department of Genetics, Washington University, ~");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1707:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(gBuf," St. Louis, MO 63110, USA, and ~");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1708:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(gBuf," Sanger Centre, Hinxton Hall~");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1709:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(gBuf," Cambridge CB10 IRQ, England ~");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1710:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(gBuf," e-mail: rw@nematode.wustl.edu and jes@sanger.ac.uk~");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1712:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(gBuf,"~~NOTICE: This sequence may not be the entire insert of this clone.~");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1713:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(gBuf,"It may be shorter because we only sequence overlapping sections~");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1714:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(gBuf,"once, or longer because we provide a small overlap between ~");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1715:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(gBuf,"neighboring submissions.~");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1717:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(gBuf,"~This sequence was finished as follows unless otherwise noted:~");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1718:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(gBuf,"all regions were double stranded or sequenced with an alternate ~");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1719:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(gBuf,"chemistry; an attempt was made to resolve all sequencing problems,~");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1720:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(gBuf,"such as compressions and repeats; all regions were covered by ~");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1721:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(gBuf,"sequence from more than one subclone ~");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1724:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(gBuf, "~~ NEIGHBORING COSMID INFORMATION:~");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1734:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(gBuf+strlen(gBuf), " ~ ~NOTES:~~Coding sequences below are predicted from");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1735:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(gBuf+strlen(gBuf), " computer analysis, using the program Genefinder");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1736:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(gBuf+strlen(gBuf), "(P. Green and L. Hillier, ms in preparation).");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1740:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(gBuf+strlen(gBuf), "~\"TSL\" = trans-spliced leader.");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1790:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(gbp = gBuf,"Submitted by:~");
data/acedb-4.9.39+dfsg.02/w9/asn.c:2057:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char asnfile[1024]; /* Absolute full file name for ASN.1 output. */
data/acedb-4.9.39+dfsg.02/w9/asn.c:2058:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dname[DIR_BUFFER_SIZE] = {0}; /* Path name of ASN.1 output.*/
data/acedb-4.9.39+dfsg.02/w9/asn.c:2059:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[FIL_BUFFER_SIZE] = {0}; /* ASN.1 output file (no extension). */
data/acedb-4.9.39+dfsg.02/w9/asn.c:2247:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/acedb-4.9.39+dfsg.02/w9/belvu.c:381:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAXNAMESIZE+1];
data/acedb-4.9.39+dfsg.02/w9/belvu.c:387:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fetch[MAXNAMESIZE+11];
data/acedb-4.9.39+dfsg.02/w9/belvu.c:438:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *colorNames[NUM_TRUECOLORS] = {
data/acedb-4.9.39+dfsg.02/w9/belvu.c:1156:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(stats, "(unknown position due to insertion)");
data/acedb-4.9.39+dfsg.02/w9/belvu.c:1165:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(stats, "es");
data/acedb-4.9.39+dfsg.02/w9/belvu.c:1351:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpname[MAXNAMESIZE+1], *cp;
data/acedb-4.9.39+dfsg.02/w9/belvu.c:1932:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char
data/acedb-4.9.39+dfsg.02/w9/belvu.c:1979:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ichar, "%d", i);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:2206:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(widBylen, "(%dx%d)", nseq, maxLen);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:2385:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char name[MAXNAMESIZE+50];
data/acedb-4.9.39+dfsg.02/w9/belvu.c:2386:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cp, *namep, GRname[MAXNAMESIZE*2+2], GRfeat[MAXNAMESIZE+1];
data/acedb-4.9.39+dfsg.02/w9/belvu.c:2647:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char
data/acedb-4.9.39+dfsg.02/w9/belvu.c:2668:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(treeScalestr, "%.2f", treeScale);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:2673:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(linewidthstr, "%.2f", treeLinewidth);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:4288:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char seq[1001], *cp, *cq;
data/acedb-4.9.39+dfsg.02/w9/belvu.c:4462:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line2[MAXLENGTH+1], *cp=line2, *cq, GRfeat[MAXNAMESIZE+1];
data/acedb-4.9.39+dfsg.02/w9/belvu.c:4779:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char
data/acedb-4.9.39+dfsg.02/w9/belvu.c:4788:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(file = fopen(filename, "r")))
data/acedb-4.9.39+dfsg.02/w9/belvu.c:4807:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (!(aln.start = atoi(cp)))
data/acedb-4.9.39+dfsg.02/w9/belvu.c:4811:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (!(aln.end = atoi(cp)))
data/acedb-4.9.39+dfsg.02/w9/belvu.c:4902:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5013:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'b': treebootstraps = atoi(optarg); break;
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5111:15: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (!*Title) strcpy(Title, "stdin");
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5114:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(pipe = fopen(argv[optind], "r")))
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5151:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(file = fopen(readMatchFile, "r")))
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5190:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(file = fopen(colorCodesFile, "r")))
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5196:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(file = fopen(markupColorCodesFile, "r")))
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5496:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(maxText, "%.2f", maxSimCutoff);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5498:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(midText, "%.2f", midSimCutoff);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5500:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(lowText, "%.2f", lowSimCutoff);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5513:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(maxText, "%.1f", maxIdCutoff);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5515:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(midText, "%.1f", midIdCutoff);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5517:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(lowText, "%.1f", lowIdCutoff);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5606:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cp, c, line[MAXLINE+1], setColor[MAXLINE+1];
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5890:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char
data/acedb-4.9.39+dfsg.02/w9/belvu.c:6001:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char
data/acedb-4.9.39+dfsg.02/w9/belvu.c:6094:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(collapseStr, "[%3d]", collapseRes);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:7018:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(strtok(linecopy, " "))) n++;;
data/acedb-4.9.39+dfsg.02/w9/belvu.c:7019:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
while ( (p = strtok(0, " ")) && atoi(p) ) n++;
data/acedb-4.9.39+dfsg.02/w9/belvu.c:7032:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
seg->qstart = atoi(i ? strtok(0, " ") : strtok(line, " "));
data/acedb-4.9.39+dfsg.02/w9/belvu.c:7033:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
seg->qend = atoi(strtok(0, " "));
data/acedb-4.9.39+dfsg.02/w9/belvu.c:7034:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
seg->start = atoi(strtok(0, " "));
data/acedb-4.9.39+dfsg.02/w9/belvu.c:7035:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
seg->end = atoi(strtok(0, " "));
data/acedb-4.9.39+dfsg.02/w9/belvu.c:7136:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
aln.start = atoi(cp);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:7141:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
aln.end = atoi(cp);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:7244:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char fileName[FIL_BUFFER_SIZE] ;
data/acedb-4.9.39+dfsg.02/w9/belvu.c:7259:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char retval[1025], *cp, csh[]="/bin/csh";
data/acedb-4.9.39+dfsg.02/w9/blxmain.c:123:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char seqfilename[1000] = {'\0'}, FSfilename[1000] = {'\0'} ;
data/acedb-4.9.39+dfsg.02/w9/blxmain.c:130:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char opts[32]=" MBr Z ", /* 0 L|N|P|T|X
data/acedb-4.9.39+dfsg.02/w9/blxmain.c:155:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char xtra_filename[1000] = {'\0'} ;
data/acedb-4.9.39+dfsg.02/w9/blxmain.c:216:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pfetch->port = atoi(strtok(NULL, ":")) ;
data/acedb-4.9.39+dfsg.02/w9/blxmain.c:222:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (!(dispstart = atoi(optarg)))
data/acedb-4.9.39+dfsg.02/w9/blxmain.c:273:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if(!(seqfile = fopen(seqfilename, "r")))
data/acedb-4.9.39+dfsg.02/w9/blxmain.c:334:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if(!(FSfile = fopen(FSfilename, "r")))
data/acedb-4.9.39+dfsg.02/w9/blxmain.c:345:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!(xtra_file = fopen(xtra_filename, "r")))
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:59:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *colorNames[NUM_TRUECOLORS] = {
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:95:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sname[MAXLINE+1], seq[MAXLINE+1];
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:101:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAXLINE+1];
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:281:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(msp->qframe, "(+1)");
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:310:8: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(msp->sname, "gi");
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:436:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
gap->s1 = atoi(next_gap);
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:440:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
gap->s2 = atoi(next_gap);
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:444:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
gap->r1 = atoi(next_gap);
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:448:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
gap->r2 = atoi(next_gap);
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:525:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cp,
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:787:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(msp->qframe, "(+1)");
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:797:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scorestring[256];
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:881:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(msp->qframe, "(+1)");
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:911:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[MAXLINE+1], *cp ;
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:1035:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[BLX_BUF_SIZE] ;
data/acedb-4.9.39+dfsg.02/w9/blxselect.c:46:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char qname[FULLNAMESIZE+1],
data/acedb-4.9.39+dfsg.02/w9/blxselect.c:109:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *name, seqfilename[MAXLINE+1], HSPfilename[MAXLINE+1];
data/acedb-4.9.39+dfsg.02/w9/blxselect.c:126:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(HSPfile = fopen(HSPfilename, "r"))) {
data/acedb-4.9.39+dfsg.02/w9/blxselect.c:130:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(seqfile = fopen(seqfilename, "r"))) {
data/acedb-4.9.39+dfsg.02/w9/blxselect.c:204:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAXLENGTH+1], realname[MAXLINE+1];
data/acedb-4.9.39+dfsg.02/w9/blxselect.c:209:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(HSPfile = fopen(realname, "r"))) {
data/acedb-4.9.39+dfsg.02/w9/blxselect.c:228:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[MAXLINE+1], *c ;
data/acedb-4.9.39+dfsg.02/w9/blxselect.c:349:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(file = fopen(argv[argc-1], "r")))
data/acedb-4.9.39+dfsg.02/w9/blxview.c:166:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sname[FULLNAMESIZE+1];
data/acedb-4.9.39+dfsg.02/w9/blxview.c:303:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char actframe[16]="(+1)"; /* Active frame */
data/acedb-4.9.39+dfsg.02/w9/blxview.c:320:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char message[1024],
data/acedb-4.9.39+dfsg.02/w9/blxview.c:552:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(actframe, "(%+d)", plusmin);
data/acedb-4.9.39+dfsg.02/w9/blxview.c:579:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char dfault[32] = "";
data/acedb-4.9.39+dfsg.02/w9/blxview.c:593:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(dfault, "%d", i);
data/acedb-4.9.39+dfsg.02/w9/blxview.c:1124:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(fetchMode, "pfetch");
data/acedb-4.9.39+dfsg.02/w9/blxview.c:1134:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(fetchMode, "efetch");
data/acedb-4.9.39+dfsg.02/w9/blxview.c:1142:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(fetchMode, "WWW-efetch");
data/acedb-4.9.39+dfsg.02/w9/blxview.c:1152:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(fetchMode, "acedb");
data/acedb-4.9.39+dfsg.02/w9/blxview.c:1161:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(fetchMode, "acedb text");
data/acedb-4.9.39+dfsg.02/w9/blxview.c:1174:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sortModeStr, "Name");
data/acedb-4.9.39+dfsg.02/w9/blxview.c:1183:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sortModeStr, "Score");
data/acedb-4.9.39+dfsg.02/w9/blxview.c:1192:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sortModeStr, "Position");
data/acedb-4.9.39+dfsg.02/w9/blxview.c:1201:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sortModeStr, "Identity");
data/acedb-4.9.39+dfsg.02/w9/blxview.c:1585:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(actframe, "(-1)");
data/acedb-4.9.39+dfsg.02/w9/blxview.c:1588:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(actframe, "(+1)");
data/acedb-4.9.39+dfsg.02/w9/blxview.c:1637:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(fetchMode, "pfetch");
data/acedb-4.9.39+dfsg.02/w9/blxview.c:1640:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(fetchMode, "WWW-efetch");
data/acedb-4.9.39+dfsg.02/w9/blxview.c:1642:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(fetchMode, "efetch");
data/acedb-4.9.39+dfsg.02/w9/blxview.c:1645:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(fetchMode, "acedb");
data/acedb-4.9.39+dfsg.02/w9/blxview.c:1647:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(fetchMode, "WWW-efetch");
data/acedb-4.9.39+dfsg.02/w9/blxview.c:1654:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(URL, "http://www.sanger.ac.uk/cgi-bin/seq-query?");
data/acedb-4.9.39+dfsg.02/w9/blxview.c:1688:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
port = atoi(port_str) ;
data/acedb-4.9.39+dfsg.02/w9/blxview.c:2221:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[MAXALIGNLEN+1] ;
data/acedb-4.9.39+dfsg.02/w9/blxview.c:2489:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(actframe, "(%+d)", frame);
data/acedb-4.9.39+dfsg.02/w9/blxview.c:2567:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (text, "%-9d", dispstart+plusmin*displen + qoffset -plusmin);
data/acedb-4.9.39+dfsg.02/w9/blxview.c:2665:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(text, "%5d %3d %9d",
data/acedb-4.9.39+dfsg.02/w9/blxview.c:2669:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(text, "%-6d", (compN? msp->sstart : msp->send));
data/acedb-4.9.39+dfsg.02/w9/blxview.c:2741:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(text, "%5d %3d", msp->score, msp->id);
data/acedb-4.9.39+dfsg.02/w9/blxview.c:2745:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(text, "%-6d", (compN ? msp->sstart : msp->send));
data/acedb-4.9.39+dfsg.02/w9/blxview.c:2891:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(actframe, "(%+d)", frame);
data/acedb-4.9.39+dfsg.02/w9/blxview.c:3370:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(fp = fopen("myoutput","w")))
data/acedb-4.9.39+dfsg.02/w9/blxview.c:3696:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char queryname[NAMESIZE+1] ;
data/acedb-4.9.39+dfsg.02/w9/blxview.c:3701:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(queryname, "Query");
data/acedb-4.9.39+dfsg.02/w9/blxview.c:3722:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message, "%d No subject picked", qpos + qoffset) ;
data/acedb-4.9.39+dfsg.02/w9/blxview.c:3773:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message, "%d ", qpos + qoffset) ;
data/acedb-4.9.39+dfsg.02/w9/blxview.c:3776:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(message, "Gapped HSP - no coords");
data/acedb-4.9.39+dfsg.02/w9/blxview.c:3915:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char dfault[64] = "";
data/acedb-4.9.39+dfsg.02/w9/blxview.c:4188:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(dotterqname, "Blixem-seq");
data/acedb-4.9.39+dfsg.02/w9/blxview.c:4283:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(dotterqname, "Blixem-seq");
data/acedb-4.9.39+dfsg.02/w9/blxview.c:4315:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(dotterqname, "Blixem-seq");
data/acedb-4.9.39+dfsg.02/w9/blxview.c:4424:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
stringentEntropywin = atoi(cp);
data/acedb-4.9.39+dfsg.02/w9/blxview.c:4430:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mediumEntropywin = atoi(cp);
data/acedb-4.9.39+dfsg.02/w9/blxview.c:4436:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nonglobularEntropywin = atoi(cp);
data/acedb-4.9.39+dfsg.02/w9/blxview.c:4536:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(stringentEntropytx, "%d", stringentEntropywin);
data/acedb-4.9.39+dfsg.02/w9/blxview.c:4540:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(mediumEntropytx, "%d", mediumEntropywin);
data/acedb-4.9.39+dfsg.02/w9/blxview.c:4544:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(nonglobularEntropytx, "%d", nonglobularEntropywin);
data/acedb-4.9.39+dfsg.02/w9/blxview.c:4653:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[RCVBUFSIZE] ;
data/acedb-4.9.39+dfsg.02/w9/blxview.c:4929:3: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy((char*)hp->h_addr, (char*) &(servAddr->sin_addr.s_addr), hp->h_length) ;
data/acedb-4.9.39+dfsg.02/w9/blxview.c:5007:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[50+1] = "pfetch";
data/acedb-4.9.39+dfsg.02/w9/blxview.c:5008:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char title[50+1];
data/acedb-4.9.39+dfsg.02/w9/dbidx.c:49:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dbsource[32]="";
data/acedb-4.9.39+dfsg.02/w9/dbidx.c:95:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char copy[256];
data/acedb-4.9.39+dfsg.02/w9/dbidx.c:98:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(copy, ptr, n); /* Note: strcpy doesn't work - stops at \0 */
data/acedb-4.9.39+dfsg.02/w9/dbidx.c:249:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buff[MAXLINE+1];
data/acedb-4.9.39+dfsg.02/w9/dbidx.c:306:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buff[MAXLINE+1];
data/acedb-4.9.39+dfsg.02/w9/dbidx.c:308:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char junk[32], ACnr[32], TITLEline[MAXLINE];
data/acedb-4.9.39+dfsg.02/w9/dbidx.c:376:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buff[MAXLINE+1];
data/acedb-4.9.39+dfsg.02/w9/dbidx.c:378:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char junk[32], ACnr[32], TITLEline[MAXLINE];
data/acedb-4.9.39+dfsg.02/w9/dbidx.c:433:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buff[MAXLINE+1];
data/acedb-4.9.39+dfsg.02/w9/dbidx.c:435:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char TITLEline[MAXLINE];
data/acedb-4.9.39+dfsg.02/w9/dbidx.c:505:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buff[MAXLINE+1];
data/acedb-4.9.39+dfsg.02/w9/dbidx.c:523:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buff[MAXLINE+1], clean[MAXLINE], pads[10], ichar[10];
data/acedb-4.9.39+dfsg.02/w9/dbidx.c:546:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ichar, "%d", i);
data/acedb-4.9.39+dfsg.02/w9/dbidx.c:572:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char name[16];
data/acedb-4.9.39+dfsg.02/w9/dbidx.c:602:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char name[128];
data/acedb-4.9.39+dfsg.02/w9/dbidx.c:604:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((div = fopen(divfile, "r")) == NULL) return NULL;
data/acedb-4.9.39+dfsg.02/w9/diskdump.c:53:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[128];
data/acedb-4.9.39+dfsg.02/w9/diskdump.c:61:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(filename,":database:blocks.wrm") ;
data/acedb-4.9.39+dfsg.02/w9/diskdump.c:65:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
readblockfile= open(filename,spec);
data/acedb-4.9.39+dfsg.02/w9/diskfix.c:49:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[BLKMX] ;
data/acedb-4.9.39+dfsg.02/w9/diskfix.c:58:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char a, filename[1024] ;
data/acedb-4.9.39+dfsg.02/w9/diskfix.c:68:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open (filename, O_WRONLY | O_BINARY)) == -1)
data/acedb-4.9.39+dfsg.02/w9/diskfix.c:74:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
b.h.session = atoi(argv[1]) ;
data/acedb-4.9.39+dfsg.02/w9/diskfix.c:75:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
b.gAddress = atoi(argv[2]) ;
data/acedb-4.9.39+dfsg.02/w9/dotter.c:305:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *qseq, *sseq, *qname, *sname,
data/acedb-4.9.39+dfsg.02/w9/dotter.c:556:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char copy[256], *cp;
data/acedb-4.9.39+dfsg.02/w9/dotter.c:560:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(copy, ptr, n); /* Note: strcpy doesn't work - stops at \0 */
data/acedb-4.9.39+dfsg.02/w9/dotter.c:570:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char
data/acedb-4.9.39+dfsg.02/w9/dotter.c:644:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(fil = fopen (loadfile, "rb")))
data/acedb-4.9.39+dfsg.02/w9/dotter.c:1780:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(qpos, "%d", qlen - x*resfac - 1 + qoffset);
data/acedb-4.9.39+dfsg.02/w9/dotter.c:1782:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(qpos, "%d", x*resfac + 1 + qoffset);
data/acedb-4.9.39+dfsg.02/w9/dotter.c:1784:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(spos, "%d", y+1 + soffset);
data/acedb-4.9.39+dfsg.02/w9/dotter.c:2157:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fsPlotHeighttx, "%.1f", fsPlotHeight);
data/acedb-4.9.39+dfsg.02/w9/dotter.c:2511:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char retstr[1025] ;
data/acedb-4.9.39+dfsg.02/w9/dotter.c:2512:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *path, file[1025], retval;
data/acedb-4.9.39+dfsg.02/w9/dotter.c:2562:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(retstr, "Can't find executable 'dotter' in path");
data/acedb-4.9.39+dfsg.02/w9/dotter.c:2797:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (!atoi(winsize))
data/acedb-4.9.39+dfsg.02/w9/dotter.c:2799:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
win = atoi(winsize);
data/acedb-4.9.39+dfsg.02/w9/dotter.c:3241:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(MATRIX_NAME, "DNA+5/-4");
data/acedb-4.9.39+dfsg.02/w9/dotter.c:3245:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(MATRIX_NAME, "BLOSUM62");
data/acedb-4.9.39+dfsg.02/w9/dotter.c:3253:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(saveFil = fopen (savefile, "wb")))
data/acedb-4.9.39+dfsg.02/w9/dotter.c:3349:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[1025] = "#", *p;
data/acedb-4.9.39+dfsg.02/w9/dotter.c:3351:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(fil = fopen(mtxfile, "r")) &&
data/acedb-4.9.39+dfsg.02/w9/dotter.c:3352:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
!(fil = fopen(messprintf("%s/%s", getenv("BLASTMAT"), mtxfile), "r")))
data/acedb-4.9.39+dfsg.02/w9/dotter.c:3372:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
MATRIX[row][col] = atoi(p);
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:268:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'p': pixelFacset = atoi(optarg); break;
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:269:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'q': qoffset = atoi(optarg); break;
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:272:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 's': soffset = atoi(optarg); break;
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:281:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
qlen = atoi(argv[optind+1]);
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:283:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
slen = atoi(argv[optind+3]);
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:291:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'z': dotterZoom = atoi(optarg); break;
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:380:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if(!(qfile = fopen(argv[optind], "r"))) {
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:388:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if ((cp = (char *)strrchr(argv[optind], '/')))
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:393:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(sfile = fopen(argv[optind+1], "r"))) {
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:401:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if ((cp = (char *)strrchr(argv[optind]+1, '/')))
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:491:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dummyopts[32]; /* opts have different meaning in blixem */
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:497:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if(!(file = fopen(FSfilename, "r")))
data/acedb-4.9.39+dfsg.02/w9/efetch.c:41:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char dbsource[32];
data/acedb-4.9.39+dfsg.02/w9/efetch.c:42:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *env, dbdir[MAXFILE]="", *seqName;
data/acedb-4.9.39+dfsg.02/w9/efetch.c:93:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char idxfile[MAXFILE]="", dbfile[MAXFILE]="", divfile[MAXFILE]="",
data/acedb-4.9.39+dfsg.02/w9/efetch.c:95:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *file, customName[MAXFILE]="";
data/acedb-4.9.39+dfsg.02/w9/efetch.c:96:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char query[32], *tmpstr, *cp, fetchstr[256];
data/acedb-4.9.39+dfsg.02/w9/efetch.c:267:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Startseq = atoi(optarg);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:271:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Endseq = atoi(optarg);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:409:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((idx = fopen(idxfile, "r")) == NULL)
data/acedb-4.9.39+dfsg.02/w9/efetch.c:437:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((actrg = fopen(actrgfile, "r")) == NULL)
data/acedb-4.9.39+dfsg.02/w9/efetch.c:451:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((achit = fopen(achitfile, "r")) == NULL)
data/acedb-4.9.39+dfsg.02/w9/efetch.c:549:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((db = fopen(dbfile, "r")) == NULL) {
data/acedb-4.9.39+dfsg.02/w9/efetch.c:580:8: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(fetchstr, "efetch -a ");
data/acedb-4.9.39+dfsg.02/w9/embl.c:93:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char dname[DIR_BUFFER_SIZE], fname[FIL_BUFFER_SIZE] ;
data/acedb-4.9.39+dfsg.02/w9/embl.c:199:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char work[128] ;
data/acedb-4.9.39+dfsg.02/w9/embl.c:299:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[1000] ;
data/acedb-4.9.39+dfsg.02/w9/embl.c:635:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *rnaText, featText[16] ;
data/acedb-4.9.39+dfsg.02/w9/fetch.c:39:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *env, dbsource[32]="", dbdir[128]="";
data/acedb-4.9.39+dfsg.02/w9/fetch.c:93:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char idxfile[128]="", dbfile[128]="", divfile[128]="",
data/acedb-4.9.39+dfsg.02/w9/fetch.c:95:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *file, customName[128]="", *seqName;
data/acedb-4.9.39+dfsg.02/w9/fetch.c:96:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char query[32], *tmpstr;
data/acedb-4.9.39+dfsg.02/w9/fetch.c:193:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Startseq = atoi(optarg); break;
data/acedb-4.9.39+dfsg.02/w9/fetch.c:196:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Endseq = atoi(optarg); break;
data/acedb-4.9.39+dfsg.02/w9/fetch.c:310:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((idx = fopen(idxfile, "r")) == NULL)
data/acedb-4.9.39+dfsg.02/w9/fetch.c:338:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((actrg = fopen(actrgfile, "r")) == NULL)
data/acedb-4.9.39+dfsg.02/w9/fetch.c:352:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((achit = fopen(achitfile, "r")) == NULL)
data/acedb-4.9.39+dfsg.02/w9/fetch.c:450:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((db = fopen(dbfile, "r")) == NULL) {
data/acedb-4.9.39+dfsg.02/w9/gfcode.c:96:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAXSTRLEN];
data/acedb-4.9.39+dfsg.02/w9/gfcode.c:114:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char siteType[MAXSTRLEN]; /* type of site: e.g. atg, intron5, intron3, polya */
data/acedb-4.9.39+dfsg.02/w9/gfcode.c:115:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char refSeqs[MAXSTRLEN]; /* reference sequences used to compute score table;
data/acedb-4.9.39+dfsg.02/w9/gfcode.c:117:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char freqType[MAXSTRLEN]; /* "within" or "between"; specifies how
data/acedb-4.9.39+dfsg.02/w9/gfcode.c:121:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char classDef[MAXSTRLEN];
data/acedb-4.9.39+dfsg.02/w9/gfcode.c:429:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[MAXSTRLEN],string2[MAXSTRLEN];
data/acedb-4.9.39+dfsg.02/w9/gfcode.c:453:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(fp = fopen (tableFile, "r")))
data/acedb-4.9.39+dfsg.02/w9/gfcode.c:541:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(table->refSeqs,"all"); /*default reference sequences*/
data/acedb-4.9.39+dfsg.02/w9/gfcode.c:542:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(table->freqType,"within");
data/acedb-4.9.39+dfsg.02/w9/gfcode.c:543:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(table->classDef,"unique"); /*default frequency calculations:
data/acedb-4.9.39+dfsg.02/w9/gfcode.c:912:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cp, fileName[MAXSTRLEN] ;
data/acedb-4.9.39+dfsg.02/w9/gfcode.c:915:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(fp = fopen (filename, "r")))
data/acedb-4.9.39+dfsg.02/w9/gfcode.c:1017:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cp, fileName[MAXSTRLEN], lastFileName[MAXSTRLEN] ;
data/acedb-4.9.39+dfsg.02/w9/gfcode.c:1021:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(fp = fopen (filename, "r")))
data/acedb-4.9.39+dfsg.02/w9/gfcode.c:1213:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if (!(seqFile = fopen (*argv, "r")))
data/acedb-4.9.39+dfsg.02/w9/gmapdata.c:700:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char buf[2000] ;
data/acedb-4.9.39+dfsg.02/w9/gmapdata.c:702:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "%d loci\n"
data/acedb-4.9.39+dfsg.02/w9/gmapdatacol.c:155:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (look->messageText, "Multi_pt ") ;
data/acedb-4.9.39+dfsg.02/w9/gmapdatacol.c:158:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (look->messageText, ": ") ;
data/acedb-4.9.39+dfsg.02/w9/gmapdatacol.c:889:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[7];
data/acedb-4.9.39+dfsg.02/w9/gmapdatacol.c:913:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buff, "..");
data/acedb-4.9.39+dfsg.02/w9/hexcode.c:100:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(fil = fopen (filname, "r")))
data/acedb-4.9.39+dfsg.02/w9/hexcode.c:358:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if (!(seqFile = fopen (*argv, "r")))
data/acedb-4.9.39+dfsg.02/w9/readseq.c:48:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (newbuf, *buf, n) ;
data/acedb-4.9.39+dfsg.02/w9/readseq.c:206:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char matdirname[256] ;
data/acedb-4.9.39+dfsg.02/w9/readseq.c:207:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fullname[512] ;
data/acedb-4.9.39+dfsg.02/w9/readseq.c:209:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[1024] = "#", *p;
data/acedb-4.9.39+dfsg.02/w9/readseq.c:217:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (matdirname, "/nfs/disk100/pubseq/blastdb/") ;
data/acedb-4.9.39+dfsg.02/w9/readseq.c:221:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(fil = fopen (name, "r")) && !(fil = fopen (fullname, "r")))
data/acedb-4.9.39+dfsg.02/w9/readseq.c:221:45: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(fil = fopen (name, "r")) && !(fil = fopen (fullname, "r")))
data/acedb-4.9.39+dfsg.02/w9/readseq.c:256:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
(*mat)[symb[i]][symb[j]] = atoi(p) ;
data/acedb-4.9.39+dfsg.02/w9/vmapdata2.c:1388:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (look->messageText, "Multi_pt ") ;
data/acedb-4.9.39+dfsg.02/w9/vmapdata2.c:1390:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (look->messageText, ": ") ;
data/acedb-4.9.39+dfsg.02/wabi/abifix.c:788:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256], *cp, *cq ;
data/acedb-4.9.39+dfsg.02/wabi/abifix.c:837:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cp , buf[300] ;
data/acedb-4.9.39+dfsg.02/wabi/annot.c:49:68: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef struct annotStruct { KEY key ; void *magic ; Graph graph ; char remark[1001] ; } *ANNOT ;
data/acedb-4.9.39+dfsg.02/wabi/basecall.c:207:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ba, buf[256] ;
data/acedb-4.9.39+dfsg.02/wabi/basecall.c:239:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "%6d %c %5d ", x, ba, q) ;
data/acedb-4.9.39+dfsg.02/wabi/basecall.c:242:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "%6d %c", x, ba) ;
data/acedb-4.9.39+dfsg.02/wabi/basecall.c:245:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buf, " h") ;
data/acedb-4.9.39+dfsg.02/wabi/basecall.c:247:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buf, " a") ;
data/acedb-4.9.39+dfsg.02/wabi/basecall.c:558:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ff = fopen (myname, "rb") ;
data/acedb-4.9.39+dfsg.02/wabi/basecall.c:3696:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cp, buf[1000], buf1[1000] ;
data/acedb-4.9.39+dfsg.02/wabi/basecall.c:3749:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cp, ctf [132], scf[132] ;
data/acedb-4.9.39+dfsg.02/wabi/blyctrl.c:73:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vname[NN] ;
data/acedb-4.9.39+dfsg.02/wabi/blyctrl.c:74:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char leftSite[NN], rightSite[NN] ; int nn1 ;
data/acedb-4.9.39+dfsg.02/wabi/cdnaalign.c:4271:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cp, feet[6] ;
data/acedb-4.9.39+dfsg.02/wabi/cdnaalign.c:5594:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cp, *cq, buffer[60001] ;
data/acedb-4.9.39+dfsg.02/wabi/fmaptrace.c:1708:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c, *buffer, buf[2] ;
data/acedb-4.9.39+dfsg.02/wabi/fmaptrace.c:1897:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[7] ;
data/acedb-4.9.39+dfsg.02/wabi/fmaptrace.c:1911:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buff, "cut") ;
data/acedb-4.9.39+dfsg.02/wabi/fmaptrace.c:1914:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buff, "unjoin") ;
data/acedb-4.9.39+dfsg.02/wabi/fmaptrace.c:3258:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256] ;
data/acedb-4.9.39+dfsg.02/wabi/fmaptrace.c:3367:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char com[300] ;
data/acedb-4.9.39+dfsg.02/wabi/fmaptrace.c:3368:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nm [128] ;
data/acedb-4.9.39+dfsg.02/wabi/fmaptrace.c:3421:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char nm [128], buf [256] ;
data/acedb-4.9.39+dfsg.02/wabi/fmaptrace.c:3426:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "%d", taux) ;
data/acedb-4.9.39+dfsg.02/wabi/fmaptrace.c:3444:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char nm [128], buf [256] ;
data/acedb-4.9.39+dfsg.02/wabi/fmaptrace.c:3600:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char nm[128], buf[256] ;
data/acedb-4.9.39+dfsg.02/wabi/fmaptrace.c:3626:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char buf[256] ;
data/acedb-4.9.39+dfsg.02/wabi/fmaptrace.c:3628:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "Order_by_Size\n") ;
data/acedb-4.9.39+dfsg.02/wabi/fmaptrace.c:3633:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char buf[256] ;
data/acedb-4.9.39+dfsg.02/wabi/fmaptrace.c:3635:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "Order_by_Subclones\n") ;
data/acedb-4.9.39+dfsg.02/wabi/fmaptrace.c:3665:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp1, arrp(dna1,0,char), arrayMax(dna1));
data/acedb-4.9.39+dfsg.02/wabi/fmaptrace.c:3666:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp2, arrp(dna2,0,char), arrayMax(dna2));
data/acedb-4.9.39+dfsg.02/wabi/fmaptrace.c:3704:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char buf[256], nm[128] ;
data/acedb-4.9.39+dfsg.02/wabi/fmaptrace.c:3779:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf [256], nm[128] ;
data/acedb-4.9.39+dfsg.02/wabi/fmaptrace.c:3785:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "%d", taux) ;
data/acedb-4.9.39+dfsg.02/wabi/geneannot.c:66:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
BOOL open, fixedFont ;
data/acedb-4.9.39+dfsg.02/wabi/geneannot.c:364:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (seg->open)
data/acedb-4.9.39+dfsg.02/wabi/geneannot.c:406:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (seg->right && seg->open)
data/acedb-4.9.39+dfsg.02/wabi/geneannot.c:485:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
seg->open = !seg->open ;
data/acedb-4.9.39+dfsg.02/wabi/geneannot.c:487:29: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
look->openAll = seg->open ? 2 : 1 ;
data/acedb-4.9.39+dfsg.02/wabi/intron2.c:57:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char s[2];
data/acedb-4.9.39+dfsg.02/wabi/intron2.c:152:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp,*fopen();
data/acedb-4.9.39+dfsg.02/wabi/intron2.c:161:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp=fopen("P7VAL","r"))==NULL) {
data/acedb-4.9.39+dfsg.02/wabi/intron2.c:183:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp=fopen("J8_7","r"))==NULL) {
data/acedb-4.9.39+dfsg.02/wabi/intron2.c:205:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp=fopen("P7c","r"))==NULL) {
data/acedb-4.9.39+dfsg.02/wabi/intron2.c:230:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fopen(),*fpl,*fpe;
data/acedb-4.9.39+dfsg.02/wabi/intron2.c:232:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fpl=fopen("plancher","r"))==NULL) {
data/acedb-4.9.39+dfsg.02/wabi/intron2.c:235:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fpe=fopen("penabonu","r"))==NULL) {
data/acedb-4.9.39+dfsg.02/wabi/intron2.c:1853:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char s[20];
data/acedb-4.9.39+dfsg.02/wabi/intron2.c:1888:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *pch,c[2];
data/acedb-4.9.39+dfsg.02/wabi/intron2.c:1974:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fopen(),*fseq,*fseq2;
data/acedb-4.9.39+dfsg.02/wabi/intron2.c:1976:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char s[2];
data/acedb-4.9.39+dfsg.02/wabi/intron2.c:1979:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fseq=fopen(nom,"r"))==NULL) {
data/acedb-4.9.39+dfsg.02/wabi/intron2.c:1982:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fseq2=fopen("c:seqbis.dat","w"))==NULL) {
data/acedb-4.9.39+dfsg.02/wabi/intron2.c:2055:32: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *gp4,*gp7,*fep,*fseq,*fopen();
data/acedb-4.9.39+dfsg.02/wabi/intron2.c:2056:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cont[6],rep[3];
data/acedb-4.9.39+dfsg.02/wabi/intron2.c:2064:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char nom_sol[28]="yol/";
data/acedb-4.9.39+dfsg.02/wabi/intron2.c:2065:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char nomp7[28]="yol/";
data/acedb-4.9.39+dfsg.02/wabi/intron2.c:2066:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char nomp4[28]="yol/";
data/acedb-4.9.39+dfsg.02/wabi/intron2.c:2067:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char nomens[28]="yol/";
data/acedb-4.9.39+dfsg.02/wabi/intron2.c:2069:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dir[DIR_BUFFER_SIZE], nom[FIL_BUFFER_SIZE] ;
data/acedb-4.9.39+dfsg.02/wabi/intron2.c:2121:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (gp4=fopen(nomp4,"w"))
data/acedb-4.9.39+dfsg.02/wabi/intron2.c:2123:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (gp7=fopen(nomp7,"w"))
data/acedb-4.9.39+dfsg.02/wabi/intron2.c:2130:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fep=fopen("c:seqbis.dat","r"))==NULL) {
data/acedb-4.9.39+dfsg.02/wabi/intron2.c:2154:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (fseq=fopen("c:seq.dat","w"))
data/acedb-4.9.39+dfsg.02/wabi/intron2.c:2230:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fseq=fopen("c:seq.dat","r"))==NULL) {
data/acedb-4.9.39+dfsg.02/wabi/nnbasecall.c:229:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char fileName[FIL_BUFFER_SIZE] , dirName[DIR_BUFFER_SIZE] ;
data/acedb-4.9.39+dfsg.02/wabi/nnbasecall.c:457:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char fileName[FIL_BUFFER_SIZE] , dirName[DIR_BUFFER_SIZE] ;
data/acedb-4.9.39+dfsg.02/wabi/nnbasecall.c:654:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char fileName[FIL_BUFFER_SIZE] , dirName[DIR_BUFFER_SIZE] ;
data/acedb-4.9.39+dfsg.02/wabi/nnbasecall.c:656:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (fileName,"quality") ;
data/acedb-4.9.39+dfsg.02/wabi/saucisse.c:348:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (test->base, cp, i) ;
data/acedb-4.9.39+dfsg.02/wabi/trace.c:492:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf [2] ;
data/acedb-4.9.39+dfsg.02/wabi/trace.c:1842:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cp, buf[2] ;
data/acedb-4.9.39+dfsg.02/wabi/trace.c:2107:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2] ;
data/acedb-4.9.39+dfsg.02/wabi/trace.c:2410:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c, cc, *cp, *cq, buf[2] ;
data/acedb-4.9.39+dfsg.02/wabi/trace.c:2682:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c, buf[2] ;
data/acedb-4.9.39+dfsg.02/wabi/trace.c:3562:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2] ;
data/acedb-4.9.39+dfsg.02/wabi/trace.c:3791:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cp, buf[2] ;
data/acedb-4.9.39+dfsg.02/wabi/trace.c:3825:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c, buf[2] ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:100:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100] ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:107:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "kclear _aks%d", ks->x->id) ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:382:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (host && atoi (host))
data/acedb-4.9.39+dfsg.02/wac/acclient.c:395:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
port_number = atoi (port) ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:473:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (s, response, response_len) ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:524:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (response+y, t->data, t->len) ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:1351:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[30] ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:1353:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buff, "kget _aks%d", k->id) ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:1365:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s, buff[50] ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:1371:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&swap_magic, cp, 4) ; cp+= 4 ; nn -= 4 ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:1413:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buff, "_sys_%d", ncl) ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:1843:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buff, "kstore _aks%d" , ks->x->id) ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:1886:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[50] ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:1891:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buff, "kstore _aks%d" , aks->x->id) ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:1909:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[50] ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:1922:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buff, "kstore _aks%d" , aks1->x->id) ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:1981:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[50] ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:1993:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buff, "kstore _aks%d" , aks->x->id) ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:2006:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[50] ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:2019:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buff, "kstore _aks%d" , aks->x->id) ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:2038:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[256] ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:2042:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buff, "subset %d %d", x0, nx) ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:2045:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buff, "kstore _aks%d" , aks1->x->id) ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:2197:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *name, buff[80] ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:2214:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buff, "show -C -b %d -c %d", it->next, AC_ITER_OBJECT_READAHEAD) ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:2292:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[80] ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:2303:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buff, "list -C -b %d -c %d", it->next, AC_ITER_OBJECT_READAHEAD) ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:2529:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (command, "kstore _aks%d" , aks->x->id) ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:2621:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[100] ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:2629:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buff, "kstore _aks%d" , ks->x->id) ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:2649:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf, obj->x->a_data, len) ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:2681:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command [256] ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:2690:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (command, "dna -x1 %d -x2 %d", x1, x2) ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:2692:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (command, "dna") ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:2799:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[100] ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:2804:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (s, "serverparse\n") ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:2826:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buff, "kstore _aks%d" , ks->x->id) ;
data/acedb-4.9.39+dfsg.02/wac/acclient_acetcp.c:35:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(acetcp_response, s, n);
data/acedb-4.9.39+dfsg.02/wac/acclient_acetcp.c:170:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char dyn_error[200];
data/acedb-4.9.39+dfsg.02/wac/acclient_acetcp.c:178:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
timeout = atoi(protocol);
data/acedb-4.9.39+dfsg.02/wac/acclient_rpc.c:65:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
timeout = atoi(protocol);
data/acedb-4.9.39+dfsg.02/wac/acclient_socket.c:72:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
timeout = atoi(protocol);
data/acedb-4.9.39+dfsg.02/wac/acclient_socket.c:114:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(fname,"r");
data/acedb-4.9.39+dfsg.02/wac/acclient_socket.c:117:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b[100], f_host[100], f_user[100], f_port[100];
data/acedb-4.9.39+dfsg.02/wac/acclient_socket.c:131:41: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((f_port[0] != '*') && (port != atoi(f_port)))
data/acedb-4.9.39+dfsg.02/wac/acclient_socket_lib.c:114:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg_type[ACECONN_MSGTYPE_BUFLEN] ; /* See the msgs defined above. */
data/acedb-4.9.39+dfsg.02/wac/acclient_socket_lib.c:345:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char header_buf[ACECONN_HEADER_BYTES] ;
data/acedb-4.9.39+dfsg.02/wac/acclient_socket_lib.c:461:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void*)&sname.sin_addr, (void*)hp->h_addr, hp->h_length) ;
data/acedb-4.9.39+dfsg.02/wac/acclient_socket_lib.c:488:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *hash_strings[HASH_STRING_NUM] ;
data/acedb-4.9.39+dfsg.02/wac/acclient_socket_lib.c:1063:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg->encore_message.str, msg->message, msg->mBytesRequested) ;
data/acedb-4.9.39+dfsg.02/wac/acclient_socket_lib.c:1123:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(hdr->byte_swap), buf, 4) ; buf += 4 ;
data/acedb-4.9.39+dfsg.02/wac/acclient_socket_lib.c:1124:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(hdr->length), buf, 4) ; buf += 4 ;
data/acedb-4.9.39+dfsg.02/wac/acclient_socket_lib.c:1125:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(hdr->server_version), buf, 4) ; buf += 4 ;
data/acedb-4.9.39+dfsg.02/wac/acclient_socket_lib.c:1126:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(hdr->client_id), buf, 4) ; buf += 4 ;
data/acedb-4.9.39+dfsg.02/wac/acclient_socket_lib.c:1127:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(hdr->max_bytes), buf, 4) ; buf += 4 ;
data/acedb-4.9.39+dfsg.02/wac/acclient_socket_lib.c:1128:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(hdr->msg_type), buf, ACECONN_MSGTYPE_BUFLEN) ;
data/acedb-4.9.39+dfsg.02/wac/acclient_socket_lib.c:1135:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, &(hdr->byte_swap), 4) ; buf += 4 ;
data/acedb-4.9.39+dfsg.02/wac/acclient_socket_lib.c:1136:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, &(hdr->length), 4) ; buf += 4 ;
data/acedb-4.9.39+dfsg.02/wac/acclient_socket_lib.c:1137:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, &(hdr->server_version), 4) ; buf += 4 ;
data/acedb-4.9.39+dfsg.02/wac/acclient_socket_lib.c:1138:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, &(hdr->client_id), 4) ; buf += 4 ;
data/acedb-4.9.39+dfsg.02/wac/acclient_socket_lib.c:1139:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, &(hdr->max_bytes), 4) ; buf += 4 ;
data/acedb-4.9.39+dfsg.02/wac/acclient_socket_lib.c:1140:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, &(hdr->msg_type), ACECONN_MSGTYPE_BUFLEN) ;
data/acedb-4.9.39+dfsg.02/wac/acclient_socket_lib.c:1351:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *hash_strings[HASH_STRING_NUM] ;
data/acedb-4.9.39+dfsg.02/wac/acclient_socket_lib.c:1367:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char digest[MD5_HASHLEN] ;
data/acedb-4.9.39+dfsg.02/wac/acclient_socket_lib.c:1374:36: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
MD5Update(&Md5Ctx, (unsigned char *)strings[i], strlen(strings[i])) ;
data/acedb-4.9.39+dfsg.02/wac/acclient_socket_lib.c:1399:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(hex_ptr, "%02x", digest[i]) ;
data/acedb-4.9.39+dfsg.02/wac/accmd.c:50:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b[2000];
data/acedb-4.9.39+dfsg.02/wac/accmd.c:85:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
timeout = atoi(argv[0]);
data/acedb-4.9.39+dfsg.02/wac/accmd.c:140:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b[2000];
data/acedb-4.9.39+dfsg.02/wac/acctest.c:49:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b[1000];
data/acedb-4.9.39+dfsg.02/wac/acinside.c:175:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&n, cp, 4) ;
data/acedb-4.9.39+dfsg.02/wac/acinside.c:180:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (result, cp, n) ;
data/acedb-4.9.39+dfsg.02/wac/acinside.c:691:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096] ;
data/acedb-4.9.39+dfsg.02/wac/acinside.c:871:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char b[100];
data/acedb-4.9.39+dfsg.02/wac/acinside.c:887:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(b,"%d",i);
data/acedb-4.9.39+dfsg.02/wac/acinside.c:894:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(b,"%g",f);
data/acedb-4.9.39+dfsg.02/wac/actable.c:560:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char b[100];
data/acedb-4.9.39+dfsg.02/wac/actable.c:570:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(b,"%d", c->u.i);
data/acedb-4.9.39+dfsg.02/wac/actable.c:573:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(b,"%g", c->u.f);
data/acedb-4.9.39+dfsg.02/wace/acediff.c:455:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
inputA = fopen (argv[1],"r") ;
data/acedb-4.9.39+dfsg.02/wace/acediff.c:456:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
inputB = fopen (argv[2],"r") ;
data/acedb-4.9.39+dfsg.02/wace/acediff.c:457:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tmpA = fopen ("tempA1","w") ;
data/acedb-4.9.39+dfsg.02/wace/acediff.c:458:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tmpB = fopen ("tempB1","w") ;
data/acedb-4.9.39+dfsg.02/wace/acediff.c:482:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tmpA = fopen ("tempA2","r") ;
data/acedb-4.9.39+dfsg.02/wace/acediff.c:483:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tmpB = fopen ("tempB2","r") ;
data/acedb-4.9.39+dfsg.02/wace/acediff.c:484:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tmpC = fopen ("tempC1","w") ;
data/acedb-4.9.39+dfsg.02/wace/acediff.c:504:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tmpC = fopen ("tempC2","r") ;
data/acedb-4.9.39+dfsg.02/wace/acediffsorted.c:157:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[2];
data/acedb-4.9.39+dfsg.02/wace/acediffsorted.c:503:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
inputA = fopen (argv[1],"r");
data/acedb-4.9.39+dfsg.02/wace/acediffsorted.c:504:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
inputB = fopen (argv[2],"r");
data/acedb-4.9.39+dfsg.02/wace/acediffsorted.c:519:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
temp = fopen (cp,"r");
data/acedb-4.9.39+dfsg.02/wace/acediffsorted.c:534:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
temp = fopen (cp,"r");
data/acedb-4.9.39+dfsg.02/wace/acediffsorted.c:550:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tmpC = fopen ("tempC1","w");
data/acedb-4.9.39+dfsg.02/wace/acediffsorted.c:559:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tmpC = fopen ("tempC2","r");
data/acedb-4.9.39+dfsg.02/wace/acesubs.c:43:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ww[50][1000] ; /* hard limit of a history of 50 */
data/acedb-4.9.39+dfsg.02/wace/acesubs.c:206:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char newlexname[250] ;
data/acedb-4.9.39+dfsg.02/wace/acesubs.c:212:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char number[250];
data/acedb-4.9.39+dfsg.02/wace/homonym.c:63:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *new = fopen("newnames","w") ;
data/acedb-4.9.39+dfsg.02/wace/homonym.c:111:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen(name,"r") ;
data/acedb-4.9.39+dfsg.02/wace/makeUserPasswd.c:47:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char digest[MD5_HASHLEN] ;
data/acedb-4.9.39+dfsg.02/wace/makeUserPasswd.c:61:36: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
MD5Update(&Md5Ctx, (unsigned char *)argv[1], strlen(argv[1])) ;
data/acedb-4.9.39+dfsg.02/wace/makeUserPasswd.c:158:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(hex_ptr, "%02x", digest[i]) ;
data/acedb-4.9.39+dfsg.02/wace/pmapace.c:57:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[MAXBUF] ;
data/acedb-4.9.39+dfsg.02/wace/pmapace.c:112:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char clone[9],gene[9],remark[41],*acedb_data,*cp ;
data/acedb-4.9.39+dfsg.02/wace/pmapace.c:122:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
in = fopen (messprintf ("%s/pmap/%s.asc",acedb_data,argv[1]),"r") ;
data/acedb-4.9.39+dfsg.02/wace/pmapace.c:123:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out = fopen (messprintf ("%s/pmap/%s.ace",acedb_data),"w") ;
data/acedb-4.9.39+dfsg.02/wace/pmapace2.c:43:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[MAXBUF] ;
data/acedb-4.9.39+dfsg.02/wace/pmapace2.c:98:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char clone[9],gene[9],remark[41],*cp ;
data/acedb-4.9.39+dfsg.02/wace/pmapace2.c:106:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
in = fopen (messprintf ("%s.asc",argv[1]),"r") ;
data/acedb-4.9.39+dfsg.02/wace/pmapace2.c:107:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out = fopen (messprintf ("%s.2.ace",argv[1]),"w") ;
data/acedb-4.9.39+dfsg.02/wace/stockace.c:46:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tag[40][36] =
data/acedb-4.9.39+dfsg.02/waql/aqlcheck.c:1699:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char typeString[2]; /* a copy will be allocated by tableHandleCreate */
data/acedb-4.9.39+dfsg.02/waql/aqlerror.c:60:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[22] ;
data/acedb-4.9.39+dfsg.02/waql/aqlerror.c:104:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (aql->errorReport,
data/acedb-4.9.39+dfsg.02/waql/aqlerror.c:115:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (aql->errorReport, "// ");
data/acedb-4.9.39+dfsg.02/waql/aqlerror.c:124:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (aql->errorReport, "// ");
data/acedb-4.9.39+dfsg.02/waql/aqlrun.c:578:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char typeString[2];
data/acedb-4.9.39+dfsg.02/wdce/client.c:26:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inbuf[80];
data/acedb-4.9.39+dfsg.02/wdce/client.c:27:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outbuf[80];
data/acedb-4.9.39+dfsg.02/wdce/connectionspp.cpp:87:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m_TCP_IP_Port = (UINT)atoi((LPCTSTR)m_Default_TCP_IP.Endpoint()) ;
data/acedb-4.9.39+dfsg.02/wdce/connectionspp.cpp:89:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m_NetBEUI_Port = (short)atoi((LPCTSTR)m_Default_NetBEUI.Endpoint()) ;
data/acedb-4.9.39+dfsg.02/wdce/connectionspp.cpp:189:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char port[6] ;
data/acedb-4.9.39+dfsg.02/wdce/connectionspp.cpp:199:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char port[4] ;
data/acedb-4.9.39+dfsg.02/wdce/dceclientlib.c:66:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen (cp, "r") ;
data/acedb-4.9.39+dfsg.02/wdce/dceclientlib.c:81:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen (cp, "r") ;
data/acedb-4.9.39+dfsg.02/wdce/dceclientlib.c:217:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char epStr[256] ;
data/acedb-4.9.39+dfsg.02/wdce/dceclientlib.c:223:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(epStr, "\\pipe\\aceserver") ;
data/acedb-4.9.39+dfsg.02/wdce/dceclientlib.c:226:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(epStr, "\\pipe\\") ;
data/acedb-4.9.39+dfsg.02/wdce/dceclientlib.c:231:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(epStr, "32") ;
data/acedb-4.9.39+dfsg.02/wdce/dceclientlib.c:233:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(epStr, "11000") ; /* a TCP/IP or other port #? */
data/acedb-4.9.39+dfsg.02/wdce/dceclientlib.c:249:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char pStr[32] ;
data/acedb-4.9.39+dfsg.02/wdce/dceclientlib.c:255:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((char *)pStr, "ncacn_np" ) ;
data/acedb-4.9.39+dfsg.02/wdce/dceclientlib.c:259:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((char *)pStr, "ncacn_ip_tcp" ) ;
data/acedb-4.9.39+dfsg.02/wdce/dceclientlib.c:261:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((char *)pStr, "ncacn_nb_nb" ) ;
data/acedb-4.9.39+dfsg.02/wdce/dceclientlib.c:276:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char epStr[256] ;
data/acedb-4.9.39+dfsg.02/wdce/dceserverlib.c:191:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (cp, stackText(s,0), nn) ;
data/acedb-4.9.39+dfsg.02/wdce/dceserverlib.c:196:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(cp,"// Sorry, broken connection, possibly due to client time out") ;
data/acedb-4.9.39+dfsg.02/wdce/dceserverlib.c:199:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(cp,"// ") ;
data/acedb-4.9.39+dfsg.02/wdce/dceserverlib.cpp:395:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (cp, stackText(s,0), nn) ;
data/acedb-4.9.39+dfsg.02/wdce/dceserverlib.cpp:399:25: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(cp,"// Sorry, broken connection, possibly due to client time out") ;
data/acedb-4.9.39+dfsg.02/wdce/rpcace_c.c:27:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char Format[ TYPE_FORMAT_STRING_SIZE ];
data/acedb-4.9.39+dfsg.02/wdce/rpcace_c.c:33:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char Format[ PROC_FORMAT_STRING_SIZE ];
data/acedb-4.9.39+dfsg.02/wdce/rpcace_s.c:22:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char Format[ TYPE_FORMAT_STRING_SIZE ];
data/acedb-4.9.39+dfsg.02/wdce/rpcace_s.c:28:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char Format[ PROC_FORMAT_STRING_SIZE ];
data/acedb-4.9.39+dfsg.02/wdce/serviceregistrypp.cpp:251:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pathnameBuf[256], *ppathnameBuf = pathnameBuf ;
data/acedb-4.9.39+dfsg.02/wgd/gd.h:36:6: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int open[gdMaxColors];
data/acedb-4.9.39+dfsg.02/wgd/gd2gif.c:10:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256] ;
data/acedb-4.9.39+dfsg.02/wgd/gd2gif.c:18:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buf, ".gd") ;
data/acedb-4.9.39+dfsg.02/wgd/gd2gif.c:19:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(in = fopen (buf, "r")))
data/acedb-4.9.39+dfsg.02/wgd/gd2gif.c:29:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buf, ".gif") ;
data/acedb-4.9.39+dfsg.02/wgd/gd2gif.c:30:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(out = fopen (buf, "w")))
data/acedb-4.9.39+dfsg.02/wgd/libgd.c:73:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (im->open[i]) {
data/acedb-4.9.39+dfsg.02/wgd/libgd.c:92:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (im->open[i]) {
data/acedb-4.9.39+dfsg.02/wgd/libgd.c:109:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (im->open[i]) {
data/acedb-4.9.39+dfsg.02/wgd/libgd.c:124:6: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
im->open[ct] = 0;
data/acedb-4.9.39+dfsg.02/wgd/libgd.c:131:6: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
im->open[color] = 1;
data/acedb-4.9.39+dfsg.02/wgd/libgd.c:1502:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char accum[ 256 ];
data/acedb-4.9.39+dfsg.02/wgd/libgd.c:1609:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ColorMap[3][MAXCOLORMAPSIZE];
data/acedb-4.9.39+dfsg.02/wgd/libgd.c:1624:57: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static int ReadColorMap (FILE *fd, int number, unsigned char (*buffer)[256]);
data/acedb-4.9.39+dfsg.02/wgd/libgd.c:1629:79: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void ReadImage (gdImagePtr im, FILE *fd, int len, int height, unsigned char (*cmap)[256], int interlace, int ignore);
data/acedb-4.9.39+dfsg.02/wgd/libgd.c:1642:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[16];
data/acedb-4.9.39+dfsg.02/wgd/libgd.c:1644:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ColorMap[3][MAXCOLORMAPSIZE];
data/acedb-4.9.39+dfsg.02/wgd/libgd.c:1645:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char localColorMap[3][MAXCOLORMAPSIZE];
data/acedb-4.9.39+dfsg.02/wgd/libgd.c:1650:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char version[4];
data/acedb-4.9.39+dfsg.02/wgd/libgd.c:1697:40: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (im->open[i]) {
data/acedb-4.9.39+dfsg.02/wgd/libgd.c:1754:45: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
ReadColorMap(FILE *fd, int number, unsigned char (*buffer)[256])
data/acedb-4.9.39+dfsg.02/wgd/libgd.c:1757:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char rgb[3];
data/acedb-4.9.39+dfsg.02/wgd/libgd.c:1776:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char buf[256];
data/acedb-4.9.39+dfsg.02/wgd/libgd.c:1820:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char buf[280];
data/acedb-4.9.39+dfsg.02/wgd/libgd.c:1923:33: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[260];
data/acedb-4.9.39+dfsg.02/wgd/libgd.c:1972:66: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
ReadImage(gdImagePtr im, FILE *fd, int len, int height, unsigned char (*cmap)[256], int interlace, int ignore)
data/acedb-4.9.39+dfsg.02/wgd/libgd.c:1983:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
im->open[i] = 1;
data/acedb-4.9.39+dfsg.02/wgd/libgd.c:2008:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (im->open[v]) {
data/acedb-4.9.39+dfsg.02/wgd/libgd.c:2009:28: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
im->open[v] = 0;
data/acedb-4.9.39+dfsg.02/wgd/libgd.c:2388:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[161];
data/acedb-4.9.39+dfsg.02/wgd/libgd.c:2405:6: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
w = atoi(sp + 1);
data/acedb-4.9.39+dfsg.02/wgd/libgd.c:2425:6: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
h = atoi(sp + 1);
data/acedb-4.9.39+dfsg.02/wgd/libgd.c:2440:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char h[3];
data/acedb-4.9.39+dfsg.02/wgd/libgd.c:2613:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(im->style, style, sizeof(int) * noOfPixels);
data/acedb-4.9.39+dfsg.02/wgd/libgd.c:2715:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void*)(tmp+dp->logicalSize),src,size);
data/acedb-4.9.39+dfsg.02/wgd/libgd.c:2741:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newPtr,dp->data,dp->logicalSize);
data/acedb-4.9.39+dfsg.02/wgnbk/gnbk.c:92:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(messprintf("%s.1",filName), O_RDONLY, 0);
data/acedb-4.9.39+dfsg.02/wgnbk/gnbk.c:195:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *filName, *cp, buf[50][255] ;
data/acedb-4.9.39+dfsg.02/wgnbk/gnbk.c:413:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[50][ 256] ;
data/acedb-4.9.39+dfsg.02/wgnbk/gnbkclient.c:118:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
port = atoi(*argv);
data/acedb-4.9.39+dfsg.02/wgnbk/gnbkserver.c:119:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char buf [12*1024] ;
data/acedb-4.9.39+dfsg.02/wgnbk/gnbkserver.c:121:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buf, ".log") ;
data/acedb-4.9.39+dfsg.02/wgnbk/gnbkserver.c:169:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dummy[15] ;
data/acedb-4.9.39+dfsg.02/wgnbk/rpcgnbk_sp.c:99:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (cp, stackText(s,0), nn) ;
data/acedb-4.9.39+dfsg.02/wgnbk/rpcgnbk_sp.c:101:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(cp,"// Sorry, broken connection, possibly due to client time out") ;
data/acedb-4.9.39+dfsg.02/wgnbk/rpcgnbk_sp.c:103:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(cp,"// ") ;
data/acedb-4.9.39+dfsg.02/wh/a_.h:57:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char n[AMAX];
data/acedb-4.9.39+dfsg.02/wh/array.h:217:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
( memcpy((stk)->ptr,(stk)->ptr - ((pos+1) * STACK_ALIGNMENT),STACK_ALIGNMENT), \
data/acedb-4.9.39+dfsg.02/wh/b_.h:57:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[NODEX] ;
data/acedb-4.9.39+dfsg.02/wh/blxview.h:62:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qframe[8];
data/acedb-4.9.39+dfsg.02/wh/blxview.h:67:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sframe[8];
data/acedb-4.9.39+dfsg.02/wh/cdna.h:54:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char B2[255] ;
data/acedb-4.9.39+dfsg.02/wh/cdnainit.h:36:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char B2[255] ;
data/acedb-4.9.39+dfsg.02/wh/colcontrol.h:117:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[32] ;
data/acedb-4.9.39+dfsg.02/wh/colcontrol_.h:82:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[EDITLEN+1];
data/acedb-4.9.39+dfsg.02/wh/dbidx.h:71:16: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
*memcpy(),
data/acedb-4.9.39+dfsg.02/wh/dbidx.h:121:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char db_name[21];
data/acedb-4.9.39+dfsg.02/wh/dbidx.h:122:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char db_relnum[11];
data/acedb-4.9.39+dfsg.02/wh/dbidx.h:132:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char entry_name[32]; /* The actual size is calculated from the header of
data/acedb-4.9.39+dfsg.02/wh/dbidx.h:147:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char acnum[32]; /* The actual size is calculated from the header of
data/acedb-4.9.39+dfsg.02/wh/dbidx.h:167:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_name[128]; /* This may vary. EMBL uses 12 */
data/acedb-4.9.39+dfsg.02/wh/diskPart.h:50:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostname[LG_NAME]; /* machine on which is the partition */
data/acedb-4.9.39+dfsg.02/wh/diskPart.h:51:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fileSystem[LG_NAME];/* partition file system or "ACEDN if relative */
data/acedb-4.9.39+dfsg.02/wh/diskPart.h:52:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fileName[LG_NAME]; /* file name or "NONE" if not a file system */
data/acedb-4.9.39+dfsg.02/wh/disk__.h:49:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[BLKMX];
data/acedb-4.9.39+dfsg.02/wh/gmap.h:81:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char messageText[MAXMESSAGETEXT] ;
data/acedb-4.9.39+dfsg.02/wh/interval.h:99:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nboligo[16], distance[16], choix[16], param[30] ;
data/acedb-4.9.39+dfsg.02/wh/iupac.h:149:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *stdcode1[65] = {
data/acedb-4.9.39+dfsg.02/wh/iupac.h:220:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *stdcode3[65] = {
data/acedb-4.9.39+dfsg.02/wh/map.h:91:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[32] ;
data/acedb-4.9.39+dfsg.02/wh/mystdlib.h:442:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * fopen (const char *path, const char *mode);
data/acedb-4.9.39+dfsg.02/wh/mystdlib.h:465:24: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define memmove(d,s,l) bcopy(s,d,l)
data/acedb-4.9.39+dfsg.02/wh/mystdlib.h:466:7: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
void bcopy(char *b1, char *b2, int length);
data/acedb-4.9.39+dfsg.02/wh/opp.h:42:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char opp[256]; /* complement of any given base */
data/acedb-4.9.39+dfsg.02/wh/oxgrid.h:30:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char findhom[20], findloc[20] ;
data/acedb-4.9.39+dfsg.02/wh/oxgrid.h:40:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pairhom[20], pairloc[20], messageText[80] ;
data/acedb-4.9.39+dfsg.02/wh/oxgrid.h:48:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char o2mhom[20], o2mloc[20], message2Text[80] ;
data/acedb-4.9.39+dfsg.02/wh/oxgrid.h:55:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char spechom[20], specloc[20], message3Text[80] ;
data/acedb-4.9.39+dfsg.02/wh/pepdisp.h:71:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char messageText[MAXMESSAGETEXT];
data/acedb-4.9.39+dfsg.02/wh/pepdisp.h:73:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char activeText[MAXACTIVETEXT];
data/acedb-4.9.39+dfsg.02/wh/pref_.h:47:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[32];
data/acedb-4.9.39+dfsg.02/wh/query_.h:55:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char resbuffer[QBUFF_MULT*BUFFER_SIZE]; /* for forming query commands */
data/acedb-4.9.39+dfsg.02/wh/session.h:73:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[80], title[255] ;
data/acedb-4.9.39+dfsg.02/wh/session_.h:43:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dbName[32] ; /* added as of release 4.3 */
data/acedb-4.9.39+dfsg.02/wh/session_.h:58:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dbName[32] ; /* added as of release 4.3 */
data/acedb-4.9.39+dfsg.02/wh/session_.h:59:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[BLKMX] ;
data/acedb-4.9.39+dfsg.02/wh/spread_.h:55:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char titleBuffer[60] ;
data/acedb-4.9.39+dfsg.02/wh/spread_.h:56:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char paramBuffer[180] ; /* default parameters stored
data/acedb-4.9.39+dfsg.02/wh/spread_.h:131:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char headerBuffer[60] ;
data/acedb-4.9.39+dfsg.02/wh/spread_.h:132:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char conditionBuffer[360] ; /* additional restriction on the new object */
data/acedb-4.9.39+dfsg.02/wh/spread_.h:133:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tagTextBuffer[360] ; /* To edit by hand the tag filed */
data/acedb-4.9.39+dfsg.02/wh/table.h:104:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cStylePrefix [1] ;
data/acedb-4.9.39+dfsg.02/whooks/class.c:138:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cp, *cq , buffer[32] ;
data/acedb-4.9.39+dfsg.02/whooks/class.c:182:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"__filters%d", nn) ;
data/acedb-4.9.39+dfsg.02/whooks/class.c:250:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[32] ;
data/acedb-4.9.39+dfsg.02/whooks/class.c:261:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"__filters%d", i) ;
data/acedb-4.9.39+dfsg.02/whooks/sysclass.c:559:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char
data/acedb-4.9.39+dfsg.02/win32/startace.c:19:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rxvt[MAX_PATH];
data/acedb-4.9.39+dfsg.02/win32/startace.c:20:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ace[MAX_PATH];
data/acedb-4.9.39+dfsg.02/win32/startace.c:21:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char db[MAX_PATH];
data/acedb-4.9.39+dfsg.02/win32/startace.c:22:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dbdir_posix[MAX_PATH];
data/acedb-4.9.39+dfsg.02/win32/startace.c:23:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char install_dir[MAX_PATH];
data/acedb-4.9.39+dfsg.02/win32/startace.c:72:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[256];
data/acedb-4.9.39+dfsg.02/win32/startace.c:106:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (install_dir, "/bin/sh");
data/acedb-4.9.39+dfsg.02/win32/startace.c:120:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(dbdir_posix, "-promptdb");
data/acedb-4.9.39+dfsg.02/win32/startace.c:126:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(db, "r");
data/acedb-4.9.39+dfsg.02/wjo/oxgriddisp.c:1703:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char a[2] ;
data/acedb-4.9.39+dfsg.02/wmd5/digcalc.h:3:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef char HASH[HASHLEN];
data/acedb-4.9.39+dfsg.02/wmd5/digcalc.h:5:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef char HASHHEX[HASHHEXLEN+1];
data/acedb-4.9.39+dfsg.02/wmd5/digtest.c:13:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szNonceCount[9] = "00000001";
data/acedb-4.9.39+dfsg.02/wmd5/md5.h:31:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[64]; /* input buffer */
data/acedb-4.9.39+dfsg.02/wmd5/md5c.c:56:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char PADDING[64] = {
data/acedb-4.9.39+dfsg.02/wmd5/md5c.c:155:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char digest[16]; /* message digest */
data/acedb-4.9.39+dfsg.02/wmd5/md5c.c:158:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bits[8];
data/acedb-4.9.39+dfsg.02/wmd5/md5c.c:185:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char block[64];
data/acedb-4.9.39+dfsg.02/wmd5/md5c.c:331:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((char *)output)[i] = (char)value;
data/acedb-4.9.39+dfsg.02/wmd5/mddriver.c:106:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char digest[16];
data/acedb-4.9.39+dfsg.02/wmd5/mddriver.c:125:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char block[TEST_BLOCK_LEN], digest[16];
data/acedb-4.9.39+dfsg.02/wmd5/mddriver.c:182:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[1024], digest[16];
data/acedb-4.9.39+dfsg.02/wmd5/mddriver.c:184:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((file = fopen (filename, "rb")) == NULL)
data/acedb-4.9.39+dfsg.02/wmd5/mddriver.c:207:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[16], digest[16];
data/acedb-4.9.39+dfsg.02/wmd5/mddriver.c:221:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char digest[16];
data/acedb-4.9.39+dfsg.02/wnq/acelib.c:1541:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (new->base, a->base, i*a->size) ;
data/acedb-4.9.39+dfsg.02/wnq/table.c:1262:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sepString[2] ;
data/acedb-4.9.39+dfsg.02/wnq/table.c:1267:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bufvoid[1] = {'v'} ;
data/acedb-4.9.39+dfsg.02/wnq/table.c:1268:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bufinteger[1] = {'i'} ;
data/acedb-4.9.39+dfsg.02/wnq/table.c:1269:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffloat[1] = {'f'} ;
data/acedb-4.9.39+dfsg.02/wnq/table.c:1270:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bufdate[1] = {'d'} ;
data/acedb-4.9.39+dfsg.02/wnq/table.c:1271:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buftext[1] = {'t'} ;
data/acedb-4.9.39+dfsg.02/wnq/table.c:1272:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bufk[2] = {'k', 0} ;
data/acedb-4.9.39+dfsg.02/wnq/table.c:1273:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bufK[2] = {'K', 0} ;
data/acedb-4.9.39+dfsg.02/wnq/table.c:1274:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buftag[1] = {'g'} ;
data/acedb-4.9.39+dfsg.02/wnq/table.c:1684:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bfret[3];
data/acedb-4.9.39+dfsg.02/wnq/table.c:2156:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (arrp(aa, 0, TABLETYPE), t->name, t->ncol*sizeof(TABLETYPE)) ;
data/acedb-4.9.39+dfsg.02/wnq/table.c:2162:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (uu, vv, tabMax(t,i) * sizeof(TABLETYPE)) ;
data/acedb-4.9.39+dfsg.02/wnq/table.c:2215:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (t->name, arrp(aa, 0, TABLETYPE), ncol*sizeof(TABLETYPE)) ;
data/acedb-4.9.39+dfsg.02/wnq/table.c:2224:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (vv, uu, max*sizeof(TABLETYPE)) ;
data/acedb-4.9.39+dfsg.02/wnq/table.c:2231:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (vv, uu, maxBitArray*sizeof(TABLETYPE)) ;
data/acedb-4.9.39+dfsg.02/wnq/table.c:2315:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char type[1000] ;
data/acedb-4.9.39+dfsg.02/wrpc/aceclient.c:429:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(stackText(s,0), answer, length) ;
data/acedb-4.9.39+dfsg.02/wrpc/aceclientlib.c:68:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen (name, "r") ;
data/acedb-4.9.39+dfsg.02/wrpc/aceclientlib.c:86:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(f = fopen(dirName, "r")))
data/acedb-4.9.39+dfsg.02/wrpc/aceclientlib.c:106:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen (name, "r") ;
data/acedb-4.9.39+dfsg.02/wrpc/jade2ace.c:132:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newbuffer,*buffer,bytes_to_copy);
data/acedb-4.9.39+dfsg.02/wrpc/jade2ace.c:188:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char command[COMMAND_MAX]; /* command can't be longer than 512 characters */
data/acedb-4.9.39+dfsg.02/wrpc/jade2ace.c:296:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[MAX_MESSAGE];
data/acedb-4.9.39+dfsg.02/wrpc/jade2ace.c:297:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char subclass[MAX_CLASSNAME],superclass[MAX_CLASSNAME];
data/acedb-4.9.39+dfsg.02/wrpc/jade2ace.c:306:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message,"ACE: error code %d",retval);
data/acedb-4.9.39+dfsg.02/wrpc/jade2ace.c:340:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message,"%d objects",active);
data/acedb-4.9.39+dfsg.02/wrpc/jade2ace.c:368:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[FILENAME_MAX + COMMAND_MAX + 1];
data/acedb-4.9.39+dfsg.02/wrpc/jade2ace.c:378:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
temp = fopen(tempName,"w");
data/acedb-4.9.39+dfsg.02/wrpc/jade2ace.c:425:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[MAX_MESSAGE];
data/acedb-4.9.39+dfsg.02/wrpc/jade2ace.c:453:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(message,"find ");
data/acedb-4.9.39+dfsg.02/wrpc/jade2ace.c:455:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(message,"follow ");
data/acedb-4.9.39+dfsg.02/wrpc/jade2ace.c:457:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(message,"is ");
data/acedb-4.9.39+dfsg.02/wrpc/jade2ace.c:459:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(message,"query ");
data/acedb-4.9.39+dfsg.02/wrpc/jade2ace.c:461:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(message,"undo ");
data/acedb-4.9.39+dfsg.02/wrpc/jade2ace.c:465:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(message,"show -j ");
data/acedb-4.9.39+dfsg.02/wrpc/jade2ace.c:470:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(message,"table -j -n ");
data/acedb-4.9.39+dfsg.02/wrpc/jade2ace.c:474:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(message,"aql -j ");
data/acedb-4.9.39+dfsg.02/wrpc/jade2ace.c:478:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(message,"model ");
data/acedb-4.9.39+dfsg.02/wrpc/jade2ace.c:482:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(message,"gif ");
data/acedb-4.9.39+dfsg.02/wrpc/jade2ace.c:486:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(message,"list -j ");
data/acedb-4.9.39+dfsg.02/wrpc/jade2ace.c:531:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
port = atoi(*argv);
data/acedb-4.9.39+dfsg.02/wrpc/jade2ace.c:535:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
timeOut = atoi(*argv);
data/acedb-4.9.39+dfsg.02/wrpc/jade2sybase.c:385:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(args[1],"r") ;
data/acedb-4.9.39+dfsg.02/wrpc/jadeserver.c:176:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newbuffer,*buffer,bytes_to_copy);
data/acedb-4.9.39+dfsg.02/wrpc/jadeserver.c:227:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char command[COMMAND_MAX]; /* command can't be longer than 512 characters */
data/acedb-4.9.39+dfsg.02/wrpc/jadeserver.c:335:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[MAX_MESSAGE];
data/acedb-4.9.39+dfsg.02/wrpc/jadeserver.c:336:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char subclass[MAX_CLASSNAME],superclass[MAX_CLASSNAME];
data/acedb-4.9.39+dfsg.02/wrpc/jadeserver.c:377:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message,"%d objects",active);
data/acedb-4.9.39+dfsg.02/wrpc/jadeserver.c:395:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[FILENAME_MAX + COMMAND_MAX + 1];
data/acedb-4.9.39+dfsg.02/wrpc/jadeserver.c:406:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
temp = fopen(tempName,"w");
data/acedb-4.9.39+dfsg.02/wrpc/jadeserver.c:454:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[MAX_MESSAGE];
data/acedb-4.9.39+dfsg.02/wrpc/jadeserver.c:483:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(message,"find ");
data/acedb-4.9.39+dfsg.02/wrpc/jadeserver.c:485:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(message,"follow ");
data/acedb-4.9.39+dfsg.02/wrpc/jadeserver.c:487:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(message,"is ");
data/acedb-4.9.39+dfsg.02/wrpc/jadeserver.c:489:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(message,"query ");
data/acedb-4.9.39+dfsg.02/wrpc/jadeserver.c:491:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(message,"undo ");
data/acedb-4.9.39+dfsg.02/wrpc/jadeserver.c:495:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(message,"show -j ");
data/acedb-4.9.39+dfsg.02/wrpc/jadeserver.c:500:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(message,"table -j -n ");
data/acedb-4.9.39+dfsg.02/wrpc/jadeserver.c:504:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(message,"model ");
data/acedb-4.9.39+dfsg.02/wrpc/jadeserver.c:508:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(message,"list -j ");
data/acedb-4.9.39+dfsg.02/wrpc/rpcace_sp.c:124:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (cp, stackText(s,0), nn) ;
data/acedb-4.9.39+dfsg.02/wrpc/rpcace_sp.c:128:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(cp,"// Sorry, broken connection, possibly due to client time out") ;
data/acedb-4.9.39+dfsg.02/wrpc/xclient.c:71:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char server[255] ;
data/acedb-4.9.39+dfsg.02/wsocket/acesocket_.h:44:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hBuffer [ACE_HEADER_BYTES] ;
data/acedb-4.9.39+dfsg.02/wsocket/acesocketlib.c:179:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(hh->swapMagic), buf, 4) ; buf += 4 ;
data/acedb-4.9.39+dfsg.02/wsocket/acesocketlib.c:180:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(hh->length), buf, 4) ; buf += 4 ;
data/acedb-4.9.39+dfsg.02/wsocket/acesocketlib.c:181:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(hh->serverVersion), buf, 4) ; buf += 4 ;
data/acedb-4.9.39+dfsg.02/wsocket/acesocketlib.c:182:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(hh->clientId), buf, 4) ; buf += 4 ;
data/acedb-4.9.39+dfsg.02/wsocket/acesocketlib.c:183:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(hh->maxBytes), buf, 4) ; buf += 4 ;
data/acedb-4.9.39+dfsg.02/wsocket/acesocketlib.c:184:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(hh->msgType), buf, ACESERV_MSGTYPE_BUFLEN) ;
data/acedb-4.9.39+dfsg.02/wsocket/acesocketlib.c:191:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, &(hh->swapMagic), 4) ; buf += 4 ;
data/acedb-4.9.39+dfsg.02/wsocket/acesocketlib.c:192:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, &(hh->length), 4) ; buf += 4 ;
data/acedb-4.9.39+dfsg.02/wsocket/acesocketlib.c:193:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, &(hh->serverVersion), 4) ; buf += 4 ;
data/acedb-4.9.39+dfsg.02/wsocket/acesocketlib.c:194:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, &(hh->clientId), 4) ; buf += 4 ;
data/acedb-4.9.39+dfsg.02/wsocket/acesocketlib.c:195:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, &(hh->maxBytes), 4) ; buf += 4 ;
data/acedb-4.9.39+dfsg.02/wsocket/acesocketlib.c:196:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, &(hh->msgType), ACESERV_MSGTYPE_BUFLEN) ;
data/acedb-4.9.39+dfsg.02/wsocket/saceclient.c:214:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fil = fopen(optarg, "r") ;
data/acedb-4.9.39+dfsg.02/wsocket/saceclient.c:395:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *words[MAX_REQUEST_WORDS] ; /* for construction of requests. */
data/acedb-4.9.39+dfsg.02/wsocket/saceclient.c:668:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(stackText(s,0), answer, length) ;
data/acedb-4.9.39+dfsg.02/wsocket/saceclient.c:1022:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *hash_strings[HASH_STRING_NUM] ;
data/acedb-4.9.39+dfsg.02/wsocket/sclient.c:110:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *prompts[PROMPT_NUM] = {"Please enter current passwd: ",
data/acedb-4.9.39+dfsg.02/wsocket/sclient.c:113:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *answers[PROMPT_NUM] ;
data/acedb-4.9.39+dfsg.02/wsocket/sclient.c:116:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *hash_strings[HASH_STRING_NUM] ;
data/acedb-4.9.39+dfsg.02/wsocket/sclient.c:160:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *prompts[MAX_PROMPTS] = {"Please enter userid to be updated: "} ;
data/acedb-4.9.39+dfsg.02/wsocket/sclient.c:165:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *answers[MAX_PROMPTS] ;
data/acedb-4.9.39+dfsg.02/wsocket/sclient.c:168:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *hash_strings[HASH_STRING_NUM] ;
data/acedb-4.9.39+dfsg.02/wsocket/sclient.c:296:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *prompts[MAX_PROMPTS] = {"Please enter domain to be updated: "} ;
data/acedb-4.9.39+dfsg.02/wsocket/sclient.c:299:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *answers[MAX_PROMPTS] ;
data/acedb-4.9.39+dfsg.02/wsocket/sclient.c:497:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (answer, msg->readBuffer, msg->ah.length) ;
data/acedb-4.9.39+dfsg.02/wsocket/sclientlib.c:99:3: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy ((char*)hp->h_addr, (char*) &sname.sin_addr, hp->h_length) ;
data/acedb-4.9.39+dfsg.02/wsocket/sclientlib.c:230:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (answer, msg->readBuffer, msg->ah.length) ;
data/acedb-4.9.39+dfsg.02/wsocket/sclientlib.c:266:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *hash_strings[HASH_STRING_NUM] ;
data/acedb-4.9.39+dfsg.02/wsocket/sclientlib.c:269:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *words[2] ;
data/acedb-4.9.39+dfsg.02/wsocket/serverace.c:1993:41: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((server->logmsgs_per_timestamp = atoi(frequency_str)) < 0)
data/acedb-4.9.39+dfsg.02/wsocket/serveracepasswd.c:454:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr_str[MAKE_INT_STRING(addr)] ;
data/acedb-4.9.39+dfsg.02/wsocket/serveracepasswd.c:455:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char random_str[MAKE_INT_STRING(random)] ;
data/acedb-4.9.39+dfsg.02/wsocket/serveracepasswd.c:456:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char time_str[MAKE_INT_STRING(time)] ;
data/acedb-4.9.39+dfsg.02/wsocket/serveracepasswd.c:457:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *hash_strings[NONCE_ITEMS] ;
data/acedb-4.9.39+dfsg.02/wsocket/serveracepasswd.c:476:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (sprintf(addr_str, "%lu", addr) < 1
data/acedb-4.9.39+dfsg.02/wsocket/serveracepasswd.c:477:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
|| sprintf(random_str, "%d", random) < 1
data/acedb-4.9.39+dfsg.02/wsocket/serveracepasswd.c:478:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
|| sprintf(time_str, "%u", time) < 1)
data/acedb-4.9.39+dfsg.02/wsocket/serveracepasswd.c:806:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *hash_strings[HASH_ITEMS] ;
data/acedb-4.9.39+dfsg.02/wsocket/serverclientutils.c:54:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char digest[MD5_HASHLEN] ;
data/acedb-4.9.39+dfsg.02/wsocket/serverclientutils.c:61:36: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
MD5Update(&Md5Ctx, (unsigned char *)strings[i], strlen(strings[i])) ;
data/acedb-4.9.39+dfsg.02/wsocket/serverclientutils.c:86:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(hex_ptr, "%02x", digest[i]) ;
data/acedb-4.9.39+dfsg.02/wsocket/servertransport.h:99:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgType[ACESERV_MSGTYPE_BUFLEN] ; /* See the msgs defined above. */
data/acedb-4.9.39+dfsg.02/wsocket/sxclient.c:74:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char server[255] ;
data/acedb-4.9.39+dfsg.02/wstaden/Read.c:116:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fp = fopen(fn, "w"))) {
data/acedb-4.9.39+dfsg.02/wstaden/ctfCompress.c:928:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (cp, arrp(a2, 0, unsigned char), (mysize_t) dataMax) ;
data/acedb-4.9.39+dfsg.02/wstaden/ctfCompress.c:984:20: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (safe > n) { memcpy (cp, read->prob_A, n) ; cp += n ;}
data/acedb-4.9.39+dfsg.02/wstaden/ctfCompress.c:986:20: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (safe > n) { memcpy (cp, read->prob_C, n) ; cp += n ; }
data/acedb-4.9.39+dfsg.02/wstaden/ctfCompress.c:988:20: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (safe > n) { memcpy (cp, read->prob_G, n) ; cp += n ; }
data/acedb-4.9.39+dfsg.02/wstaden/ctfCompress.c:990:20: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (safe > n) { memcpy (cp, read->prob_T, n) ; cp += n ; }
data/acedb-4.9.39+dfsg.02/wstaden/ctfCompress.c:1004:20: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (safe > n) { memcpy (cp, mixProb, n) ; cp += n ; safe -= n ; }
data/acedb-4.9.39+dfsg.02/wstaden/ctfCompress.c:1151:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (read->prob_A, cp, n) ; cp += n ; nn -= n ;
data/acedb-4.9.39+dfsg.02/wstaden/ctfCompress.c:1152:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (read->prob_C, cp, n) ; cp += n ; nn -= n ;
data/acedb-4.9.39+dfsg.02/wstaden/ctfCompress.c:1153:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (read->prob_G, cp, n) ; cp += n ; nn -= n ;
data/acedb-4.9.39+dfsg.02/wstaden/ctfCompress.c:1154:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (read->prob_T, cp, n) ; cp += n ; nn -= n ;
data/acedb-4.9.39+dfsg.02/wstaden/ctfCompress.c:1161:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (mixProb, ucp, n) ; cp += n ; nn -= n ;
data/acedb-4.9.39+dfsg.02/wstaden/expFileIO.c:78:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char eflt_feature_ids[MAXIMUM_EFLTS][MAXIMUM_EFLT_LENGTH+1] = {
data/acedb-4.9.39+dfsg.02/wstaden/expFileIO.c:242:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "%d..%d", start, end);
data/acedb-4.9.39+dfsg.02/wstaden/expFileIO.c:306:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[EXP_FILE_LINE_LENGTH+1];
data/acedb-4.9.39+dfsg.02/wstaden/expFileIO.c:358:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d..%d ", opos[st], opos[i-1]);
data/acedb-4.9.39+dfsg.02/wstaden/expFileIO.c:360:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d ", opos[st]);
data/acedb-4.9.39+dfsg.02/wstaden/expFileIO.c:367:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d ", f);
data/acedb-4.9.39+dfsg.02/wstaden/expFileIO.c:381:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d..%d", opos[st], opos[i-1]);
data/acedb-4.9.39+dfsg.02/wstaden/expFileIO.c:383:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", opos[st]);
data/acedb-4.9.39+dfsg.02/wstaden/expFileIO.c:466:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d ", conf[i]);
data/acedb-4.9.39+dfsg.02/wstaden/expFileIO.c:506:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(file,"r"))==NULL) {
data/acedb-4.9.39+dfsg.02/wstaden/expFileIO.c:520:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
e->fp = fopen(file,"a");
data/acedb-4.9.39+dfsg.02/wstaden/expFileIO.c:533:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[EXP_FILE_LINE_LENGTH+1];
data/acedb-4.9.39+dfsg.02/wstaden/expFileIO.c:661:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*val = atoi(exp_get_entry(e,id));
data/acedb-4.9.39+dfsg.02/wstaden/expFileIO.c:728:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[EXP_FILE_LINE_LENGTH];
data/acedb-4.9.39+dfsg.02/wstaden/expFileIO.c:730:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%d",*val);
data/acedb-4.9.39+dfsg.02/wstaden/expFileIO.c:743:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[EXP_FILE_LINE_LENGTH];
data/acedb-4.9.39+dfsg.02/wstaden/expFileIO.c:861:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cfn[1025];
data/acedb-4.9.39+dfsg.02/wstaden/expFileIO.c:984:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[EXP_FILE_LINE_LENGTH];
data/acedb-4.9.39+dfsg.02/wstaden/expFileIO.c:1003:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[EXP_FILE_LINE_LENGTH];
data/acedb-4.9.39+dfsg.02/wstaden/expFileIO.h:69:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char eflt_feature_ids[MAXIMUM_EFLTS][MAXIMUM_EFLT_LENGTH+1];
data/acedb-4.9.39+dfsg.02/wstaden/filecompress.c:26:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char magic[2];
data/acedb-4.9.39+dfsg.02/wstaden/filecompress.c:81:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2048];
data/acedb-4.9.39+dfsg.02/wstaden/filecompress.c:117:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BS];
data/acedb-4.9.39+dfsg.02/wstaden/filecompress.c:118:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[L_tmpnam];
data/acedb-4.9.39+dfsg.02/wstaden/filecompress.c:133:26: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (newfp = fopen(fname, "wb+")))
data/acedb-4.9.39+dfsg.02/wstaden/filecompress.c:149:26: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (newfp = fopen(fname, "rb")))
data/acedb-4.9.39+dfsg.02/wstaden/filecompress.c:177:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2048], fext[1024], mg[3];
data/acedb-4.9.39+dfsg.02/wstaden/filecompress.c:191:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(file, O_RDONLY);
data/acedb-4.9.39+dfsg.02/wstaden/filecompress.c:205:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (-1 == (fd = open(fext, O_RDONLY)))
data/acedb-4.9.39+dfsg.02/wstaden/filecompress.c:249:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fp = fopen(fname, "r+b")))
data/acedb-4.9.39+dfsg.02/wstaden/filecompress.c:250:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fp = fopen(fname, "rb")))
data/acedb-4.9.39+dfsg.02/wstaden/filecompress.c:254:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
*ofp = fopen(try ? fext : file, "r+b");
data/acedb-4.9.39+dfsg.02/wstaden/filecompress.c:273:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[L_tmpnam];
data/acedb-4.9.39+dfsg.02/wstaden/filecompress.c:274:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BS], mg[3];
data/acedb-4.9.39+dfsg.02/wstaden/filecompress.c:293:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
newfp = fopen(fname, "wb+");
data/acedb-4.9.39+dfsg.02/wstaden/files.c:48:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return fopen(files, "r");
data/acedb-4.9.39+dfsg.02/wstaden/files.c:52:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[256];
data/acedb-4.9.39+dfsg.02/wstaden/files.c:53:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char name[256];
data/acedb-4.9.39+dfsg.02/wstaden/find.c:8:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char wholePath[1024];
data/acedb-4.9.39+dfsg.02/wstaden/makeSCF.c:41:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/acedb-4.9.39+dfsg.02/wstaden/makeSCF.c:412:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ofp = fopen(outf, "wb+");
data/acedb-4.9.39+dfsg.02/wstaden/misc.h:39:24: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define memmove(d,s,l) bcopy(s,d,l)
data/acedb-4.9.39+dfsg.02/wstaden/misc_scf.c:35:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char v[5];
data/acedb-4.9.39+dfsg.02/wstaden/misc_scf.c:43:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char v[5];
data/acedb-4.9.39+dfsg.02/wstaden/misc_scf.c:45:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(v, "%1.2f", f);
data/acedb-4.9.39+dfsg.02/wstaden/misc_scf.c:139:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fp=fopen(fn,"rb")) == NULL) {
data/acedb-4.9.39+dfsg.02/wstaden/read_scf.c:339:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&scf->header, &h, sizeof(Header));
data/acedb-4.9.39+dfsg.02/wstaden/scf.h:82:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char version[4]; /* "version.revision" */
data/acedb-4.9.39+dfsg.02/wstaden/seqIOABI.c:388:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comment[8192];
data/acedb-4.9.39+dfsg.02/wstaden/seqIOABI.c:389:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[128], *p;
data/acedb-4.9.39+dfsg.02/wstaden/seqIOABI.c:401:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char commstr[256], *commstrp;
data/acedb-4.9.39+dfsg.02/wstaden/seqIOABI.c:419:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[300];
data/acedb-4.9.39+dfsg.02/wstaden/seqIOABI.c:449:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(line, "SIGN=A=%d,C=%d,G=%d,T=%d\n",
data/acedb-4.9.39+dfsg.02/wstaden/seqIOABI.c:459:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(line, "SPAC=%-6.2f\n", fspacing);
data/acedb-4.9.39+dfsg.02/wstaden/seqIOABI.c:470:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(line, "PRIM=%d\n", (ppos>>16));
data/acedb-4.9.39+dfsg.02/wstaden/seqIOABI.c:478:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[257];
data/acedb-4.9.39+dfsg.02/wstaden/seqIOABI.c:486:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(line, "MACH=%.*s\n", l, buffer);
data/acedb-4.9.39+dfsg.02/wstaden/seqIOABI.c:495:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/acedb-4.9.39+dfsg.02/wstaden/seqIOABI.c:500:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(line, "DYEP=%.*s\n", l, buffer);
data/acedb-4.9.39+dfsg.02/wstaden/seqIOABI.c:521:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/acedb-4.9.39+dfsg.02/wstaden/seqIOABI.c:526:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(line, "NAME=%.*s\n", l, buffer);
data/acedb-4.9.39+dfsg.02/wstaden/seqIOABI.c:608:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(fn, "rb")) == NULL)
data/acedb-4.9.39+dfsg.02/wstaden/seqIOALF.c:257:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[200];
data/acedb-4.9.39+dfsg.02/wstaden/seqIOALF.c:367:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(fn, "rb")) == NULL)
data/acedb-4.9.39+dfsg.02/wstaden/seqIOCTF.c:53:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(fn, "rb")) == NULL)
data/acedb-4.9.39+dfsg.02/wstaden/seqIOCTF.c:82:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(fn, "wb")) == NULL)
data/acedb-4.9.39+dfsg.02/wstaden/seqIOPlain.c:124:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[5], name[17], line[1024];
data/acedb-4.9.39+dfsg.02/wstaden/seqIOPlain.c:206:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(fn, "r")) == NULL)
data/acedb-4.9.39+dfsg.02/wstaden/seqIOPlain.c:243:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(fn,"w")) == NULL)
data/acedb-4.9.39+dfsg.02/wstaden/st_translate.c:104:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(read->info, scf->comments, scf->header.comments_size);
data/acedb-4.9.39+dfsg.02/wstaden/st_translate.c:179:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(scf->comments, read->info, scf->header.comments_size - 1);
data/acedb-4.9.39+dfsg.02/wstaden/st_translate.c:189:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(scf->header.version, scf_version_float2str(SCF_VERSION), 4);
data/acedb-4.9.39+dfsg.02/wstaden/st_translate.c:271:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(exp_get_entry(e, EFLT_QL), "%d", read->leftCutoff);
data/acedb-4.9.39+dfsg.02/wstaden/st_translate.c:276:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(exp_get_entry(e, EFLT_QR), "%d", read->rightCutoff);
data/acedb-4.9.39+dfsg.02/wstaden/st_translate.c:342:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[1024];
data/acedb-4.9.39+dfsg.02/wstaden/st_translate.c:365:6: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
q = atoi(exp_get_entry(e, EFLT_QL));
data/acedb-4.9.39+dfsg.02/wstaden/st_translate.c:369:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
s = atoi(exp_get_entry(e, EFLT_SL));
data/acedb-4.9.39+dfsg.02/wstaden/st_translate.c:380:6: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
q = atoi(exp_get_entry(e, EFLT_QR));
data/acedb-4.9.39+dfsg.02/wstaden/st_translate.c:384:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
s = atoi(exp_get_entry(e, EFLT_SR));
data/acedb-4.9.39+dfsg.02/wstaden/traceType.c:64:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *trace_types[6] = {
data/acedb-4.9.39+dfsg.02/wstaden/traceType.c:90:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/acedb-4.9.39+dfsg.02/wstaden/write_scf.c:380:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(scf->header.version, scf_version_float2str(SCF_VERSION), 4);
data/acedb-4.9.39+dfsg.02/wstaden/write_scf.c:382:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(scf->header.version, scf_version_float2str(SCF_VERSION_OLD), 4);
data/acedb-4.9.39+dfsg.02/wstaden/write_scf.c:442:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(fn,"wb")) == NULL)
data/acedb-4.9.39+dfsg.02/wtools/split.c:22:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[10000], name[120], *cp ;
data/acedb-4.9.39+dfsg.02/wtools/split.c:32:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cp, ".%d", ++nf) ;
data/acedb-4.9.39+dfsg.02/wtools/split.c:33:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out = fopen (name, "w") ;
data/acedb-4.9.39+dfsg.02/wtools/split.c:48:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cp, ".%d", ++nf) ;
data/acedb-4.9.39+dfsg.02/wtools/split.c:49:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out = fopen (name, "w") ;
data/acedb-4.9.39+dfsg.02/wzmap/zmapcontrol.c:753:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[25];
data/acedb-4.9.39+dfsg.02/wzmap/zmapcontrol.c:754:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(text,"%d", x*10);
data/acedb-4.9.39+dfsg.02/wzmap/zmapmain.c:17:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
key = atoi(argv[2]);
data/acedb-4.9.39+dfsg.02/wzmap/zmapmain.c:18:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
from = atoi(argv[3]);
data/acedb-4.9.39+dfsg.02/wzmap/zmapmain.c:19:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
isOldGraph = atoi(argv[4]);
data/acedb-4.9.39+dfsg.02/wzmap/zmapsequence.c:57:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *dnap, buff[10];
data/acedb-4.9.39+dfsg.02/wzmap/zmapsequence.c:60:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buff, "%7d", zmVisibleCoord(window->root, i));
data/acedb-4.9.39+dfsg.02/w1/acein.c:128:15: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int c = getc(fi->curr_fil); \
data/acedb-4.9.39+dfsg.02/w1/acein.c:509:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fi->stream[fi->streamlevel].prompt = halloc(strlen(options[0].text)+3,
data/acedb-4.9.39+dfsg.02/w1/acein.c:629:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(text) > 23)
data/acedb-4.9.39+dfsg.02/w1/acein.c:877:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*length = (long int)strlen(fi->stream[fi->streamlevel].text);
data/acedb-4.9.39+dfsg.02/w1/acein.c:1023:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (fi->word, cp, fi->maxcard);
data/acedb-4.9.39+dfsg.02/w1/acein.c:1126:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
|| (endptr != fi->word + strlen((const char*)fi->word)) /* some other character wrong */
data/acedb-4.9.39+dfsg.02/w1/acein.c:1187:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
|| (endptr != fi->word + strlen((const char*)fi->word)) /* some other character wrong */
data/acedb-4.9.39+dfsg.02/w1/acein.c:1250:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
|| endptr != fi->word + strlen((const char*)fi->word) /* some other character wrong */
data/acedb-4.9.39+dfsg.02/w1/acein.c:1603:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int n = 2*(1+strlen(text)) ;
data/acedb-4.9.39+dfsg.02/w1/acein.c:1624:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cq = cp + strlen(cp) - 1 ;
data/acedb-4.9.39+dfsg.02/w1/acein.c:1665:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int n = 2*(1+strlen(text)) ;
data/acedb-4.9.39+dfsg.02/w1/acein.c:1698:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int n = 2*(1+strlen(text)) ;
data/acedb-4.9.39+dfsg.02/w1/acein.c:1904:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (parms && strlen(parms) > 0)
data/acedb-4.9.39+dfsg.02/w1/acein.c:2002:15: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int c = getc(fi->curr_fil);
data/acedb-4.9.39+dfsg.02/w1/acein.c:2151:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(filename);
data/acedb-4.9.39+dfsg.02/w1/aceout.c:123:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(url) > 8
data/acedb-4.9.39+dfsg.02/w1/aceout.c:185:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fo->filename = halloc(strlen("mailto:") +
data/acedb-4.9.39+dfsg.02/w1/aceout.c:186:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(address) + 1, fo->handle);
data/acedb-4.9.39+dfsg.02/w1/aceout.c:198:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fo->filename = halloc (strlen(directory) +
data/acedb-4.9.39+dfsg.02/w1/aceout.c:199:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(SUBDIR_DELIMITER_STR) +
data/acedb-4.9.39+dfsg.02/w1/aceout.c:200:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(filename) +
data/acedb-4.9.39+dfsg.02/w1/aceout.c:201:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(extension) + 2, fo->handle);
data/acedb-4.9.39+dfsg.02/w1/aceout.c:205:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (extension != NULL && strlen(extension) > 0)
data/acedb-4.9.39+dfsg.02/w1/aceout.c:207:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (fo->filename, ".");
data/acedb-4.9.39+dfsg.02/w1/aceout.c:227:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fo->filename = halloc (strlen("mailto:") +
data/acedb-4.9.39+dfsg.02/w1/aceout.c:228:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(address) + 1, fo->handle);
data/acedb-4.9.39+dfsg.02/w1/aceout.c:868:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ln = strlen(text) ;
data/acedb-4.9.39+dfsg.02/w1/arraysub.c:922:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (s->ptr + strlen(text) > s->safe)
data/acedb-4.9.39+dfsg.02/w1/arraysub.c:923:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stackExtend (s,strlen(text)+1) ;
data/acedb-4.9.39+dfsg.02/w1/arraysub.c:941:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (s->ptr + strlen(text) > s->safe)
data/acedb-4.9.39+dfsg.02/w1/arraysub.c:942:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stackExtend (s,strlen(text)+1) ;
data/acedb-4.9.39+dfsg.02/w1/arraysub.c:988:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(delimiters) ;
data/acedb-4.9.39+dfsg.02/w1/arraysub.c:1049:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int length = strlen (text) ;
data/acedb-4.9.39+dfsg.02/w1/bump.c:290:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(text) ;
data/acedb-4.9.39+dfsg.02/w1/call.c:185:14: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
peek = fgetc (pipe) ; /* first char from popen on DEC
data/acedb-4.9.39+dfsg.02/w1/dict.c:320:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (s) ;
data/acedb-4.9.39+dfsg.02/w1/filsubs.c:144:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strcmp((path + strlen(path) - 1), path_delim) != 0) /* Last char = "/" ?? */
data/acedb-4.9.39+dfsg.02/w1/filsubs.c:193:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strcmp((path + strlen(path) - 1), path_delim) != 0) /* Last char = "/" ?? */
data/acedb-4.9.39+dfsg.02/w1/filsubs.c:243:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(path) == 0)
data/acedb-4.9.39+dfsg.02/w1/filsubs.c:247:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path_copy = messalloc ((strlen(path)+1) * sizeof(char));
data/acedb-4.9.39+dfsg.02/w1/filsubs.c:250:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp = path_copy + (strlen(path_copy) - 1);
data/acedb-4.9.39+dfsg.02/w1/filsubs.c:323:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp = name + strlen (name) ;
data/acedb-4.9.39+dfsg.02/w1/filsubs.c:383:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(user) == 0)
data/acedb-4.9.39+dfsg.02/w1/filsubs.c:602:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
realname = messalloc(strlen(nam)+strlen(suffix)+2);
data/acedb-4.9.39+dfsg.02/w1/filsubs.c:602:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
realname = messalloc(strlen(nam)+strlen(suffix)+2);
data/acedb-4.9.39+dfsg.02/w1/filsubs.c:605:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(realname, ".");
data/acedb-4.9.39+dfsg.02/w1/filsubs.c:823:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
endLen = strlen (ending) ;
data/acedb-4.9.39+dfsg.02/w1/filsubs.c:828:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (entryPathName, "/") ;
data/acedb-4.9.39+dfsg.02/w1/filsubs.c:829:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
leaf = entryPathName + strlen(dirName) + 1 ;
data/acedb-4.9.39+dfsg.02/w1/filsubs.c:833:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dLen = strlen (dName) ;
data/acedb-4.9.39+dfsg.02/w1/filsubs.c:940:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(curr_file, buffer, buf_size) != buf_size)
data/acedb-4.9.39+dfsg.02/w1/freeout.c:136:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ln = strlen(text) ;
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:86:34: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define _FREECHAR (currfil ? getc (currfil) : *currtext++)
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:153:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(text) > 23)
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:351:12: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
chint = getc(fil) ;
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:362:14: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((ch = getc (fil)) == '/')
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:363:15: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
{ while (getc(fil) != '\n' && !feof(fil)) ;
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:375:10: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
*in = getc(fil) ;
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:378:30: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (isspace (*in = getc(fil))) ; /* remove whitespace */
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:638:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
|| (endptr != (char *)(word + strlen((char *)word))) /* some other character wrong */
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:694:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
|| (endptr != (char *)(word + strlen((char *)word))) /* some other character wrong */
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:754:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
|| (endptr != (char *)(word + strlen((char *)word))) /* some other character wrong */
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:903:16: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
answer = getchar () ;
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:908:18: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
answer = getchar () ;
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:1156:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cq = cp + strlen(cp) - 1 ;
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:1196:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
array (a, base+3*(1+strlen(text)), char) = 0 ; /* ensure long enough */
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:1198:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
base += 1 + strlen(text) ;
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:1203:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
array (a, 2*(1+strlen(text)), char) = 0 ; /* ensure long enough */
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:1235:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
array (a, base+3*(1+strlen(text)), char) = 0 ; /* ensure long enough */
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:1237:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
base += 1 + strlen(text) ;
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:1242:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
array (a, 2*(1+strlen(text)), char) = 0 ; /* ensure long enough */
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:1288:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
array (a, base+7*(1+strlen(text)), char) = 0 ; /* ensure long enough */
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:1290:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
base += 1 + strlen(text) ;
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:1295:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
array (a, 6*(1+strlen(text)), char) = 0 ; /* ensure long enough */
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:1366:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
array (a, base+7*(1+strlen(text)), char) = 0 ; /* ensure long enough */
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:1368:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
base += 1 + strlen(text) ;
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:1374:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
array (a, 6*(1+strlen(text)), char) = 0 ; /* ensure long enough */
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:1389:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cq += strlen(array(translations, i, ARRAYTYPE).protect) ;
data/acedb-4.9.39+dfsg.02/w1/getopt.c:269:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
# if (!defined __STDC__ || !__STDC__) && !defined strlen
data/acedb-4.9.39+dfsg.02/w1/getopt.c:272:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
extern int strlen (const char *);
data/acedb-4.9.39+dfsg.02/w1/getopt.c:463:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = nonoption_flags_max_len = strlen (orig_str);
data/acedb-4.9.39+dfsg.02/w1/getopt.c:691:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
== (unsigned int) strlen (p->name))
data/acedb-4.9.39+dfsg.02/w1/getopt.c:718:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nextchar += strlen (nextchar);
data/acedb-4.9.39+dfsg.02/w1/getopt.c:750:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nextchar += strlen (nextchar);
data/acedb-4.9.39+dfsg.02/w1/getopt.c:766:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nextchar += strlen (nextchar);
data/acedb-4.9.39+dfsg.02/w1/getopt.c:771:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nextchar += strlen (nextchar);
data/acedb-4.9.39+dfsg.02/w1/getopt.c:882:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((unsigned int) (nameend - nextchar) == strlen (p->name))
data/acedb-4.9.39+dfsg.02/w1/getopt.c:905:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nextchar += strlen (nextchar);
data/acedb-4.9.39+dfsg.02/w1/getopt.c:925:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nextchar += strlen (nextchar);
data/acedb-4.9.39+dfsg.02/w1/getopt.c:939:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nextchar += strlen (nextchar);
data/acedb-4.9.39+dfsg.02/w1/getopt.c:943:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nextchar += strlen (nextchar);
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:179:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(subject) == 0)
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:193:7: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (filename, "?");
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:199:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (filename, ""); /* intialise, if this is
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:230:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (filename, "");
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:244:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (filename, "");
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:248:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(filename) > 0)
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:259:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(subject_copy)) == 0)
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:271:8: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (filename, ""); /* not found */
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:310:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen (subject_copy);
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:319:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (filename, "");
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:339:7: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (filename, "?");
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:443:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strcasecmp (helpFilename + (strlen(helpFilename)-4), ".gif") == 0)
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:525:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < strlen(cp); ++i)
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:534:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (cp[strlen(cp)-1] == ' ')
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:535:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp[strlen(cp)-1] = '\0' ;
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:563:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = 7+6+strlen(filGetFilename(link))+8+10+strlen(link)+2;
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:563:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = 7+6+strlen(filGetFilename(link))+8+10+strlen(link)+2;
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:604:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(s)*2 + strlen("html") + 19;
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:604:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(s)*2 + strlen("html") + 19;
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:623:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp += strlen(s)*2 + strlen("html") + 19;
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:623:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp += strlen(s)*2 + strlen("html") + 19;
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:877:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (node->text, start, len) ;
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:918:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (node->text, start, len) ;
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:1177:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (node->text, start, len);
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:1190:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (node->text, start, len) ;
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:1267:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (node->link, hstart, hlen) ;
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:1368:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (node->link, start, srclen) ;
data/acedb-4.9.39+dfsg.02/w1/memsubs.c:254:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ result = (char *)halloc_dbg(1+strlen(old), handle, hfname, hlineno) ;
data/acedb-4.9.39+dfsg.02/w1/messubs.c:197:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
prefixLength = _prefix ? strlen(_prefix) : 0 ; \
data/acedb-4.9.39+dfsg.02/w1/messubs.c:407:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (messbuf, message, BUFSIZE) ;
data/acedb-4.9.39+dfsg.02/w1/messubs.c:446:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (messbuf, message, BUFSIZE) ;
data/acedb-4.9.39+dfsg.02/w1/messubs.c:465:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (messbuf, message, BUFSIZE) ;
data/acedb-4.9.39+dfsg.02/w1/messubs.c:509:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (messbuf, message, BUFSIZE) ;
data/acedb-4.9.39+dfsg.02/w1/messubs.c:638:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (messbuf, message, BUFSIZE) ;
data/acedb-4.9.39+dfsg.02/w1/messubs.c:700:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (messbuf, message, BUFSIZE) ;
data/acedb-4.9.39+dfsg.02/w1/messubs.c:802:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (message && strlen (message) > buflen)
data/acedb-4.9.39+dfsg.02/w1/messubs.c:811:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (buffer, message, buflen) ;
data/acedb-4.9.39+dfsg.02/w1/texthelp.c:136:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!cp || !*cp || !strlen(cp))
data/acedb-4.9.39+dfsg.02/w1/texthelp.c:141:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(filGetFilename(helpFilename))) != 0)
data/acedb-4.9.39+dfsg.02/w1/texthelp.c:145:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(cp) ;
data/acedb-4.9.39+dfsg.02/w1/texthelp.c:254:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < strlen(node->text)+4; ++i)
data/acedb-4.9.39+dfsg.02/w1/texthelp.c:257:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < strlen(node->text)+4; ++i)
data/acedb-4.9.39+dfsg.02/w1/texthelp.c:342:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
th->indent += strlen(messprintf ("%d. ", th->itemNumber)) ;
data/acedb-4.9.39+dfsg.02/w1/texthelp.c:370:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
th->indent -= strlen(messprintf ("%d. ", th->itemNumber)) ;
data/acedb-4.9.39+dfsg.02/w1/texthelp.c:428:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (th->buf, start, len) ;
data/acedb-4.9.39+dfsg.02/w1/texthelp.c:432:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(th->buf) > th->WINX)
data/acedb-4.9.39+dfsg.02/w1/texthelp.c:453:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
th->xPos += strlen(th->buf) ; /* place th->xPos at the end of word */
data/acedb-4.9.39+dfsg.02/w1/texthelp.c:484:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (ii = strlen(th->buf)-1; ii >= i ; --ii)
data/acedb-4.9.39+dfsg.02/w1/texthelp.c:498:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (th->buf[strlen(th->buf)-1] == '\n')
data/acedb-4.9.39+dfsg.02/w1/texthelp.c:500:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
th->buf[strlen(th->buf)-1] = 0 ;
data/acedb-4.9.39+dfsg.02/w1/texthelp.c:502:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
th->xPos += strlen(th->buf) ;
data/acedb-4.9.39+dfsg.02/w1/texthelp.c:508:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
th->xPos += strlen(th->buf) ;
data/acedb-4.9.39+dfsg.02/w1/timesubs.c:718:7: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (buf, "-") ;
data/acedb-4.9.39+dfsg.02/w1/utils.c:740:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
num_len = strlen(num_str) ;
data/acedb-4.9.39+dfsg.02/w1/utils.c:955:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lenAdd = strlen(pVal);
data/acedb-4.9.39+dfsg.02/w1/vtxt.c:131:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp = cq + strlen (a) ;
data/acedb-4.9.39+dfsg.02/w1/vtxt.c:156:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cr = cp ; cs = cq + strlen (end) ;
data/acedb-4.9.39+dfsg.02/w1/vtxt.c:267:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (txt && (len = strlen (txt)))
data/acedb-4.9.39+dfsg.02/w2/colcontrol.c:594:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
instance->name = handleAlloc(0, handle, strlen(name)+1);
data/acedb-4.9.39+dfsg.02/w2/colcontrol.c:1751:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cp)+3 > max)
data/acedb-4.9.39+dfsg.02/w2/colcontrol.c:1752:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
max = 3+strlen(cp) ;
data/acedb-4.9.39+dfsg.02/w2/colcontrol.c:1807:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (max < 3.0+strlen(map->cursor.text))
data/acedb-4.9.39+dfsg.02/w2/colcontrol.c:1808:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
max = 3.0+strlen(map->cursor.text);
data/acedb-4.9.39+dfsg.02/w2/colcontrol.c:1823:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
y-0.5, strlen(map->cursor.text)) ;
data/acedb-4.9.39+dfsg.02/w2/filquery.c:90:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int i = strlen(file_filter) ;
data/acedb-4.9.39+dfsg.02/w2/filquery.c:179:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (dirName[strlen(dirName)-1] == '/')
data/acedb-4.9.39+dfsg.02/w2/filquery.c:180:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dirName[strlen(dirName)-1] = 0 ;
data/acedb-4.9.39+dfsg.02/w2/filquery.c:234:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp = array(boxes, ibox, char*) = messalloc (strlen(cq)+2) ;
data/acedb-4.9.39+dfsg.02/w2/filquery.c:236:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (cp, "/") ;
data/acedb-4.9.39+dfsg.02/w2/filquery.c:238:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cpLength = strlen(cp) ;
data/acedb-4.9.39+dfsg.02/w2/filquery.c:276:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(fileName, ".") ;
data/acedb-4.9.39+dfsg.02/w2/filquery.c:282:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int endLen = strlen(endName), nameLen = strlen(fileName) ;
data/acedb-4.9.39+dfsg.02/w2/filquery.c:282:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int endLen = strlen(endName), nameLen = strlen(fileName) ;
data/acedb-4.9.39+dfsg.02/w2/filquery.c:324:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp = array(boxes, ibox, char*) = messalloc (strlen(cq)+1) ;
data/acedb-4.9.39+dfsg.02/w2/filquery.c:353:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tempLen = strlen (tempName) ;
data/acedb-4.9.39+dfsg.02/w2/filquery.c:365:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (curr < strlen(dirName))
data/acedb-4.9.39+dfsg.02/w2/filquery.c:374:8: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
{ strcat(dirName, "/") ;
data/acedb-4.9.39+dfsg.02/w2/filquery.c:390:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tempLen = strlen (tempName);
data/acedb-4.9.39+dfsg.02/w2/filquery.c:447:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(spec) > 1)
data/acedb-4.9.39+dfsg.02/w2/filquery.c:456:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(file_filter, "*") ; /* selecting directories */
data/acedb-4.9.39+dfsg.02/w2/filquery.c:460:24: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (end && *end) strncpy(file_filter+2, end, 28) ;
data/acedb-4.9.39+dfsg.02/w2/filquery.c:473:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (dirName, ".") ;
data/acedb-4.9.39+dfsg.02/w2/filquery.c:475:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
{ strcpy (dirName, "/") ;
data/acedb-4.9.39+dfsg.02/w2/filquery.c:516:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!path || path[strlen(path)-1] != '/') /* avoid // */
data/acedb-4.9.39+dfsg.02/w2/filquery.c:517:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (path, "/") ;
data/acedb-4.9.39+dfsg.02/w2/filquery.c:520:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(fileName)) /*mhmp 30.11.98 */
data/acedb-4.9.39+dfsg.02/w2/filquery.c:527:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
{ strcat (path, ".") ;
data/acedb-4.9.39+dfsg.02/w2/gex.c:777:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen(dirName) && strlen(fileName)) ? "/" : "",
data/acedb-4.9.39+dfsg.02/w2/gex.c:777:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen(dirName) && strlen(fileName)) ? "/" : "",
data/acedb-4.9.39+dfsg.02/w2/gex.c:796:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(fname);
data/acedb-4.9.39+dfsg.02/w2/gex.c:818:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(fileName))
data/acedb-4.9.39+dfsg.02/w2/gex.c:832:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (!strlen(fileName))
data/acedb-4.9.39+dfsg.02/w2/gex.c:859:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (file_end && strlen(file_end))
data/acedb-4.9.39+dfsg.02/w2/gex.c:946:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen(dirName)) ? "/" : "",
data/acedb-4.9.39+dfsg.02/w2/gex.c:953:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (file_end && strlen(file_end))
data/acedb-4.9.39+dfsg.02/w2/gex.c:1747:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
initText, strlen(initText));
data/acedb-4.9.39+dfsg.02/w2/gexhelp.c:177:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (currHelpFilename, helpFilename, MAXPATHLEN);
data/acedb-4.9.39+dfsg.02/w2/gexhelp.c:411:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (fname, "");
data/acedb-4.9.39+dfsg.02/w2/gexhelp.c:693:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
indent += (strlen(messprintf ("%d", itemNumber))-1)*chWidth ;
data/acedb-4.9.39+dfsg.02/w2/gexhelp.c:725:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
indent -= (strlen(messprintf ("%d", itemNumber))-1)*chWidth ;
data/acedb-4.9.39+dfsg.02/w2/gexhelp.c:813:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (buf, start, len) ;
data/acedb-4.9.39+dfsg.02/w2/gexhelp.c:817:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buf) > WINX)
data/acedb-4.9.39+dfsg.02/w2/gexhelp.c:847:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xPos += strlen(buf)*chWidth ; /* place xPos at the end of word */
data/acedb-4.9.39+dfsg.02/w2/gexhelp.c:878:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (ii = strlen(buf)-1; ii >= i ; --ii)
data/acedb-4.9.39+dfsg.02/w2/gexhelp.c:892:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (buf[strlen(buf)-1] == '\n')
data/acedb-4.9.39+dfsg.02/w2/gexhelp.c:894:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf[strlen(buf)-1] = 0 ;
data/acedb-4.9.39+dfsg.02/w2/gexhelp.c:896:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xPos += strlen(buf)*chWidth ;
data/acedb-4.9.39+dfsg.02/w2/gexhelp.c:902:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xPos += strlen(buf)*chWidth ;
data/acedb-4.9.39+dfsg.02/w2/graphascii.c:85:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lenOld = strlen (c->cp) ;
data/acedb-4.9.39+dfsg.02/w2/graphascii.c:91:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
asciiBumpItem(bump, strlen(c->cp) , 1, &(c->x), &(c->y)) ;
data/acedb-4.9.39+dfsg.02/w2/graphascii.c:122:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
oldx = x + strlen(cp) ;
data/acedb-4.9.39+dfsg.02/w2/graphcon.c:1574:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (buttons->text) ;
data/acedb-4.9.39+dfsg.02/w2/graphcon.c:1605:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (buttons->text) ;
data/acedb-4.9.39+dfsg.02/w2/graphcon.c:1726:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (x.s) > e->len)
data/acedb-4.9.39+dfsg.02/w2/graphcon.c:1735:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (e->text, x.s, e->len) ;
data/acedb-4.9.39+dfsg.02/w2/graphcon.c:1750:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
x += strlen (label) + 0.5 ;
data/acedb-4.9.39+dfsg.02/w2/graphcon.c:1836:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (text,label, 15) ;
data/acedb-4.9.39+dfsg.02/w2/graphcon.c:1872:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *text2 = (char*) halloc (strlen(label)+1, gActive->clearHandle) ;
data/acedb-4.9.39+dfsg.02/w2/graphcon.c:1879:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
graphRectangle(x,y,x+3+strlen(text),y+1);
data/acedb-4.9.39+dfsg.02/w2/graphcon.c:1891:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
x += strlen(text) + 4;
data/acedb-4.9.39+dfsg.02/w2/graphcon.c:1933:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
x += strlen (text) + 0.5 ;
data/acedb-4.9.39+dfsg.02/w2/graphgdi.c:452:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
TextOut(gdi->dc, x1, y1, text, strlen(text));
data/acedb-4.9.39+dfsg.02/w2/graphgdi.c:460:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
y1 - strlen(text) * gdi->yFac * textHeight * 0.6,
data/acedb-4.9.39+dfsg.02/w2/graphgdi.c:461:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
text, strlen(text));
data/acedb-4.9.39+dfsg.02/w2/graphgdi.c:469:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
TextOut(gdi->dc,x1,y1,text,strlen(text));
data/acedb-4.9.39+dfsg.02/w2/graphgdi.c:477:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gdImageString(gdi->dc,x1,y1,text, strlen(text));
data/acedb-4.9.39+dfsg.02/w2/graphgdkremote.c:198:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (rec->command));
data/acedb-4.9.39+dfsg.02/w2/graphgdkremote.c:243:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (!data || strlen((char *) data) < 5)
data/acedb-4.9.39+dfsg.02/w2/graphgdkremote.c:282:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (orig_link && (strlen(orig_link) > 0))
data/acedb-4.9.39+dfsg.02/w2/graphgdkremote.c:359:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rec->command = messalloc(11+strlen(link));
data/acedb-4.9.39+dfsg.02/w2/graphgdkremote.c:428:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
orig_len = strlen(orig_link) ;
data/acedb-4.9.39+dfsg.02/w2/graphgif.c:260:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int n = strlen(text) ;
data/acedb-4.9.39+dfsg.02/w2/graphgtk.c:1137:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen((const char *)responseText));
data/acedb-4.9.39+dfsg.02/w2/graphgtk.c:1170:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(versionString));
data/acedb-4.9.39+dfsg.02/w2/graphgtk.c:1178:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(appName));
data/acedb-4.9.39+dfsg.02/w2/graphgtk.c:1395:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int size = selection_string ? strlen(selection_string) : 0;
data/acedb-4.9.39+dfsg.02/w2/graphgtk.c:1655:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen((char *)selection_string);
data/acedb-4.9.39+dfsg.02/w2/graphgtk.c:1778:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (menu->title && strlen(menu->title) > 0)
data/acedb-4.9.39+dfsg.02/w2/graphmesglist.c:470:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
line_length = strlen(MESGLIST_NO_MESSAGES) ;
data/acedb-4.9.39+dfsg.02/w2/graphmesglist.c:482:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
line_len = strlen((char *)next->data) ;
data/acedb-4.9.39+dfsg.02/w2/graphmesglist.c:548:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int msg_len = strlen(msg) ;
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:244:29: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (pd->scale < 10.0) strcat (pd->scaleText, " ") ;
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:605:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (pd->dirBuffer[strlen(pd->dirBuffer)-1] == '/')
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:646:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
array (pl, n, char*) = (char*)messalloc (strlen(cp)+1) ;
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:659:19: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = getc(printcap)) != EOF)
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:664:12: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc(printcap);
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:672:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat (s, buf, i) ;
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:675:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(g_strstrip(s)) > 0)
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:681:12: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((c = getc(printcap)) == '\\')
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:684:11: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc(printcap);
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:850:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (pd->ACEDB_LPR && n == 0 ? "ACE default" :
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:890:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (pd->ACEDB_LPR && n == 0 ? "ACE default" :
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:1051:25: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (pd->scale < 10.0) strcat (pd->scaleText, " ") ;
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:1126:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (result->mailerBuffer, "");
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:1165:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (result->dirBuffer, ".") ;
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:1222:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (getenv ("ACEDB_LPR") && n == 0 ?
data/acedb-4.9.39+dfsg.02/w2/graphselect.c:163:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(f->text) > maxLen)
data/acedb-4.9.39+dfsg.02/w2/graphselect.c:164:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
maxLen = strlen(f->text) ;
data/acedb-4.9.39+dfsg.02/w2/graphselect.c:206:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(f->text) > maxLen)
data/acedb-4.9.39+dfsg.02/w2/graphselect.c:207:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
maxLen = strlen(f->text) ;
data/acedb-4.9.39+dfsg.02/w2/graphsub.c:616:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = strlen(text) ;
data/acedb-4.9.39+dfsg.02/w2/graphsub.c:629:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = strlen(text) ;
data/acedb-4.9.39+dfsg.02/w2/graphsub.c:641:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = strlen(text) ;
data/acedb-4.9.39+dfsg.02/w2/graphsub.c:654:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = strlen(text) ;
data/acedb-4.9.39+dfsg.02/w2/graphsub.c:1408:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (ebox->winText, ebox->text + ebox->winPos, ebox->winLen) ;
data/acedb-4.9.39+dfsg.02/w2/graphsub.c:1425:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (n <= 0 || n > strlen(ebox->text))
data/acedb-4.9.39+dfsg.02/w2/graphsub.c:1426:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(ebox->text) ;
data/acedb-4.9.39+dfsg.02/w2/graphsub.c:1452:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (*cr && strlen(ebox->text) < maxtextlen)
data/acedb-4.9.39+dfsg.02/w2/graphsub.c:1454:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cq = ebox->text + strlen(ebox->text) ;
data/acedb-4.9.39+dfsg.02/w2/graphsub.c:1493:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(ebox->text) > maxtextlen)
data/acedb-4.9.39+dfsg.02/w2/graphsub.c:1496:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ebox->len, strlen(ebox->text)) ;
data/acedb-4.9.39+dfsg.02/w2/graphsub.c:1505:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp = ebox->text + strlen(ebox->text) ;
data/acedb-4.9.39+dfsg.02/w2/graphsub.c:1515:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp = ebox->text + strlen(ebox->text) ;
data/acedb-4.9.39+dfsg.02/w2/graphsub.c:1621:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp = ebox->text + strlen(ebox->text) ;
data/acedb-4.9.39+dfsg.02/w2/graphsub.c:1632:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(ebox->text) < maxtextlen)
data/acedb-4.9.39+dfsg.02/w2/graphsub.c:1634:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cq = ebox->text + strlen(ebox->text) ;
data/acedb-4.9.39+dfsg.02/w2/graphsub.c:1682:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(text) ;
data/acedb-4.9.39+dfsg.02/w2/graphsub.c:1690:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (previous->cp > text + strlen(text))
data/acedb-4.9.39+dfsg.02/w2/graphsub.c:1691:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
previous->cp = text + strlen(text) ;
data/acedb-4.9.39+dfsg.02/w2/graphsub.c:1722:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ebox->cp = text + strlen(text) ;
data/acedb-4.9.39+dfsg.02/w2/graphsub.c:1915:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(text) * UtextX ;
data/acedb-4.9.39+dfsg.02/w2/graphsub.c:1931:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(text) ;
data/acedb-4.9.39+dfsg.02/w2/graphsub.c:2349:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (link && (strlen(link) > 0))
data/acedb-4.9.39+dfsg.02/w2/graphsub.c:2534:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
o[i].text = (char *) messalloc(1+strlen(options[i].text));
data/acedb-4.9.39+dfsg.02/w2/graphsub.c:2616:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
o[i].text = (char *) messalloc(1+strlen(options[i].text));
data/acedb-4.9.39+dfsg.02/w2/viewedit.c:156:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buf, "+");
data/acedb-4.9.39+dfsg.02/w2/xremotemain.c:190:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
display_str = (char*)malloc (strlen(getenv("DISPLAY")) + 1);
data/acedb-4.9.39+dfsg.02/w2/xremotemain.c:198:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
display_str = (char*)malloc (strlen(argv[i+1]) + 1);
data/acedb-4.9.39+dfsg.02/w2/xremotemain.c:285:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
commands[remoteArgNum-1] = (char*)malloc(strlen(argv[i])+1);
data/acedb-4.9.39+dfsg.02/w2/xremotemain.c:545:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (command));
data/acedb-4.9.39+dfsg.02/w3/taqlmain.c:288:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(stackText(queryStack, 0)) == 0)
data/acedb-4.9.39+dfsg.02/w3/taqlmain.c:299:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (cl_query == NULL && (strlen(line) > 0))
data/acedb-4.9.39+dfsg.02/w3/taqlmain.c:301:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(stackText(queryStack, 0)) > 0)
data/acedb-4.9.39+dfsg.02/w3/taqlmain.c:318:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < strlen(query); ++i)
data/acedb-4.9.39+dfsg.02/w4/alignment.c:326:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ x = strlen (messprintf ("%d - %d", c->start, c->end)) ;
data/acedb-4.9.39+dfsg.02/w4/alignment.c:329:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
y = strlen (name (c->key)) ;
data/acedb-4.9.39+dfsg.02/w4/alignment.c:341:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
y = strlen (messprintf ("%d - %d", c->start, c->end)) ;
data/acedb-4.9.39+dfsg.02/w4/command.c:401:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (arg && strlen(arg) > 0)
data/acedb-4.9.39+dfsg.02/w4/command.c:995:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (cp && strlen(cp) > 0)
data/acedb-4.9.39+dfsg.02/w4/command.c:1116:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (assigned_text && strlen(assigned_text) > 0)
data/acedb-4.9.39+dfsg.02/w4/command.c:1133:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cq = filename + strlen(filename) - 4;
data/acedb-4.9.39+dfsg.02/w4/command.c:1145:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cq = filename + strlen(filename) - 2;
data/acedb-4.9.39+dfsg.02/w4/command.c:1271:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (dumpDir[strlen(dumpDir)-1] != SUBDIR_DELIMITER)
data/acedb-4.9.39+dfsg.02/w4/command.c:1328:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (cp && strlen(cp) > 0)
data/acedb-4.9.39+dfsg.02/w4/command.c:1333:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cq = cp + strlen(cp) - 1 ;
data/acedb-4.9.39+dfsg.02/w4/command.c:1593:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!cp || strlen(cp) == 0)
data/acedb-4.9.39+dfsg.02/w4/command.c:1922:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(stackText (textStack,0)) > 0)
data/acedb-4.9.39+dfsg.02/w4/command.c:2261:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
aceOutBinary ( look->dump_out, cp, strlen(cp)) ;
data/acedb-4.9.39+dfsg.02/w4/command.c:2771:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(arrp(dna, 0, char)))
data/acedb-4.9.39+dfsg.02/w4/command.c:2788:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(arrp(pep, 0, char)))
data/acedb-4.9.39+dfsg.02/w4/command.c:3381:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((cp = aceInPos(command_in)) && strlen(cp) > 0)
data/acedb-4.9.39+dfsg.02/w4/command.c:3615:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(querytext) == 0)
data/acedb-4.9.39+dfsg.02/w4/command.c:3699:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
aceOutBinary (result_out, cp, strlen(cp)) ;
data/acedb-4.9.39+dfsg.02/w4/command.c:3711:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
aceOutBinary (result_out, cp, strlen(cp)) ;
data/acedb-4.9.39+dfsg.02/w4/dump.c:264:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
aceOutBinary( dump_out, cp, strlen(cp)+1);
data/acedb-4.9.39+dfsg.02/w4/dump.c:374:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
aceOutBinary( dump_out, cp, strlen(cp) + 1) ;
data/acedb-4.9.39+dfsg.02/w4/gifcommand.c:431:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fileName[strlen(fileName)-4] = '\0';
data/acedb-4.9.39+dfsg.02/w4/mainpick.c:661:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
{ strncpy (text, name(keySet(ks,0)), len-1) ;
data/acedb-4.9.39+dfsg.02/w4/mainpick.c:665:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(text) ;
data/acedb-4.9.39+dfsg.02/w4/mainpick.c:729:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buffer, text, 79) ;
data/acedb-4.9.39+dfsg.02/w4/mainpick.c:743:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp = text + strlen(text) ;
data/acedb-4.9.39+dfsg.02/w4/mainpick.c:757:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buffer, text, 79) ;
data/acedb-4.9.39+dfsg.02/w4/mainpick.c:975:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (pick->template,"*") ;
data/acedb-4.9.39+dfsg.02/w4/mainpick.c:1062:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(cp) ;
data/acedb-4.9.39+dfsg.02/w4/mainpick.c:1065:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (pick->template, "*") ;
data/acedb-4.9.39+dfsg.02/w4/mainpick.c:1459:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (mainPick->template,"*") ;
data/acedb-4.9.39+dfsg.02/w4/mainpick.c:1465:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(mainPick->whatdoIdoText, "");
data/acedb-4.9.39+dfsg.02/w4/mainpick.c:1499:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (mainPick->grepText, "");
data/acedb-4.9.39+dfsg.02/w4/mainpick.c:1731:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (mainPick->template,"*") ;
data/acedb-4.9.39+dfsg.02/w4/mainpick.c:1842:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(pick->whatdoIdoText, text, ACTIVITY_LENGTH-1) ;
data/acedb-4.9.39+dfsg.02/w4/mainpick.c:2049:7: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
{ strcpy (pick->template, "*") ;
data/acedb-4.9.39+dfsg.02/w4/mainpick.c:2069:7: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
{ strcpy (pick->template, "*") ;
data/acedb-4.9.39+dfsg.02/w4/mainpick.c:2133:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(lastText,localText,255) ;
data/acedb-4.9.39+dfsg.02/w4/mainpick.c:2134:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(pick->grepText,localText,255) ;
data/acedb-4.9.39+dfsg.02/w4/model.c:206:20: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
switch (c = (getc (fil) | inQuotes))
data/acedb-4.9.39+dfsg.02/w4/model.c:214:22: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while((c = getc(fil)) && c != '\n' && !feof(fil) ) ;
data/acedb-4.9.39+dfsg.02/w4/model.c:252:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(word))
data/acedb-4.9.39+dfsg.02/w4/model.c:253:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ cp = word + strlen(word) - 1 ;
data/acedb-4.9.39+dfsg.02/w4/model.c:1166:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
showModelNodeJaq (fo, bs->right, x + strlen(tname) + 1, y, lastTag, dLastTag) ;
data/acedb-4.9.39+dfsg.02/w4/newkey.c:151:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(pickVocList[i].text) > sep)
data/acedb-4.9.39+dfsg.02/w4/newkey.c:152:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sep = strlen (pickVocList[i].text) ;
data/acedb-4.9.39+dfsg.02/w4/newkey.c:175:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buttonItem->text) > 0 && buttonItem->f)
data/acedb-4.9.39+dfsg.02/w4/newkey.c:240:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (nameText, aceInPos(name_in), 127) ;
data/acedb-4.9.39+dfsg.02/w4/newkey.c:376:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(aliasName) == 0)
data/acedb-4.9.39+dfsg.02/w4/newkey.c:425:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(newName) == 0)
data/acedb-4.9.39+dfsg.02/w4/newkey.c:487:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(classNameBuf,name(currClass),31) ;
data/acedb-4.9.39+dfsg.02/w4/newkey.c:520:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(classNameBuf,name(currClass),31) ;
data/acedb-4.9.39+dfsg.02/w4/newkey.c:549:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(classNameBuf,className(key),31) ;
data/acedb-4.9.39+dfsg.02/w4/newkey.c:552:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (nameText, name(key), 127) ;
data/acedb-4.9.39+dfsg.02/w4/parse.c:1157:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (*word == '-' && strlen(word) == 2)
data/acedb-4.9.39+dfsg.02/w4/parse.c:1900:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (pdisp->pf->filename && strlen(pdisp->pf->filename) > 0)
data/acedb-4.9.39+dfsg.02/w4/parse.c:1994:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (pdisp->itemText, "");
data/acedb-4.9.39+dfsg.02/w4/parse.c:2003:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (pdisp->lineText, "");
data/acedb-4.9.39+dfsg.02/w4/parse.c:2039:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (pdisp->lineText, stackText(s, 0), 64);
data/acedb-4.9.39+dfsg.02/w4/parse.c:2052:7: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(pdisp->nparsedText, "") ;
data/acedb-4.9.39+dfsg.02/w4/parse.c:2053:7: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(pdisp->nokText, "") ;
data/acedb-4.9.39+dfsg.02/w4/parse.c:2054:7: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(pdisp->nerrorText, "") ;
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:124:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(item.name, buff+1, 32);
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:317:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
REG_SZ, valbuff, strlen(valbuff)+1);
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:348:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(filename, "/");
data/acedb-4.9.39+dfsg.02/w4/queryexe.c:745:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cp) < 3)
data/acedb-4.9.39+dfsg.02/w4/queryexe.c:766:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cp) < 3)
data/acedb-4.9.39+dfsg.02/w4/queryexe.c:1380:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cond->stack = stackCreate(12*strlen(text)) ; /* wild big guess */
data/acedb-4.9.39+dfsg.02/w4/queryexe.c:2451:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cp) < 3 )
data/acedb-4.9.39+dfsg.02/w4/queryexe.c:2508:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cp) >= 3)
data/acedb-4.9.39+dfsg.02/w4/queryexe.c:2528:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cp) >= 3)
data/acedb-4.9.39+dfsg.02/w4/queryexe.c:2819:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cq = buffer = messalloc (strlen(text) + 1) ;
data/acedb-4.9.39+dfsg.02/w4/session.c:456:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
text_copy = malloc(strlen(mesg_buf) + 1);
data/acedb-4.9.39+dfsg.02/w4/session.c:1410:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen(cp) + 1 ;
data/acedb-4.9.39+dfsg.02/w4/session.c:1622:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (bsGetData(obj,_Session_Title, _Text, &cp) && strlen(cp) > 0)
data/acedb-4.9.39+dfsg.02/w4/session.c:1627:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
st->len = strlen(st->title);
data/acedb-4.9.39+dfsg.02/w4/session.c:1639:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
st->len = strlen(st->title);
data/acedb-4.9.39+dfsg.02/w4/session.c:1839:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (word) > 31)
data/acedb-4.9.39+dfsg.02/w4/session.c:2447:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (thisSession.name, getLogin(TRUE), 78) ;
data/acedb-4.9.39+dfsg.02/w4/session.c:3536:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(readlock_filename) == 0) /* don't use readlocks */
data/acedb-4.9.39+dfsg.02/w4/session.c:3656:7: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (readlock_filename, "");
data/acedb-4.9.39+dfsg.02/w4/session.c:3675:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
write (fd, buffer, strlen(buffer));
data/acedb-4.9.39+dfsg.02/w4/session.c:3686:7: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (readlock_filename, "");
data/acedb-4.9.39+dfsg.02/w4/session.c:3725:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(readlock_filename) == 0)
data/acedb-4.9.39+dfsg.02/w4/session.c:3765:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(readlock_filename) == 0)
data/acedb-4.9.39+dfsg.02/w4/session.c:3774:7: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (readlock_filename, "");
data/acedb-4.9.39+dfsg.02/w4/session.c:3777:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (readlock_filename, "");
data/acedb-4.9.39+dfsg.02/w4/session.c:3860:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp3 = cp2 + strlen(cp2);
data/acedb-4.9.39+dfsg.02/w4/sigsubs.c:254:8: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc(stdin);
data/acedb-4.9.39+dfsg.02/w4/status.c:392:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((indent = STATUS_JUSTIFY - strlen(label)) < STATUS_MIN_INDENT)
data/acedb-4.9.39+dfsg.02/w4/status.c:413:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((indent = STATUS_JUSTIFY - strlen(label)) < STATUS_MIN_INDENT)
data/acedb-4.9.39+dfsg.02/w4/tabledefio.c:113:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(spread->titleBuffer) > 0)
data/acedb-4.9.39+dfsg.02/w4/tabledefio.c:115:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(spread->paramBuffer) > 0)
data/acedb-4.9.39+dfsg.02/w4/tabledefio.c:249:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(c->conditionBuffer) > 0)
data/acedb-4.9.39+dfsg.02/w4/tabledefio.c:342:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(spread->titleBuffer) > 0)
data/acedb-4.9.39+dfsg.02/w4/tabledefio.c:354:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(spread->paramBuffer) > 0)
data/acedb-4.9.39+dfsg.02/w4/tabledefio.c:368:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (c->headerBuffer && strlen(c->headerBuffer) > 0)
data/acedb-4.9.39+dfsg.02/w4/tabledefio.c:404:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(c->conditionBuffer) > 0)
data/acedb-4.9.39+dfsg.02/w4/tabledefio.c:576:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (inParams && strlen(inParams) > 0)
data/acedb-4.9.39+dfsg.02/w4/tabledefio.c:603:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (cp && strlen(cp) > 0)
data/acedb-4.9.39+dfsg.02/w4/tabledefio.c:818:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(c->headerBuffer, cp, 59) ;
data/acedb-4.9.39+dfsg.02/w4/tabledefio.c:827:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(spread->titleBuffer, cp, 59) ;
data/acedb-4.9.39+dfsg.02/w4/tabledefio.c:846:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(spread->paramBuffer, cp, 179) ;
data/acedb-4.9.39+dfsg.02/w4/tabledefio.c:1059:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
out_buf = (char*)messalloc(strlen(from_buf) * 2 + 1);
data/acedb-4.9.39+dfsg.02/w4/tabledefsubs.c:472:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(masterCol->conditionBuffer) > 0 &&
data/acedb-4.9.39+dfsg.02/w4/tabledefsubs.c:478:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(masterCol->conditionBuffer) > 0)
data/acedb-4.9.39+dfsg.02/w4/update.c:196:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fn = fileName + strlen(fileName) ;
data/acedb-4.9.39+dfsg.02/w5/acache.c:336:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (format && strlen(format) > 32)
data/acedb-4.9.39+dfsg.02/w5/acache.c:349:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(v->format, format, 32) ;
data/acedb-4.9.39+dfsg.02/w5/adisk.c:357:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (cp) > 1023)
data/acedb-4.9.39+dfsg.02/w5/adisk.c:778:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while((nb = read (p->r,vp,size)) != size)
data/acedb-4.9.39+dfsg.02/w5/blocksub.c:441:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i += strlen(cp) ;
data/acedb-4.9.39+dfsg.02/w5/blocksub.c:459:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i += strlen(cp) ;
data/acedb-4.9.39+dfsg.02/w5/bs2block.c:159:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ bs->size = bs->bt && bs->bt->cp ? strlen(bs->bt->cp) + 1 : 1 ;
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1183:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while( (n = read(fd, vp, size)) != size )
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1619:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
FMfilwrite ( fpMap, (unsigned char*) mapString, strlen ( mapString ) ) ;
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1627:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(pp->fileSystem)) strcpy(fileSystem, "ACEDB");
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1628:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(pp->fileName)) strcpy(fileName, "NONE");
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1634:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
FMfilwrite (fpMap, (unsigned char*) mapString, strlen (mapString) ) ;
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1683:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(pp->fileSystem) == 0)
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1686:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(pp->fileName) == 0)
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1731:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(pp->fileSystem, "");
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1819:6: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(pp->fileSystem, "");
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1821:6: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(pp->fileName, "");
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1943:7: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(error_text, "");
data/acedb-4.9.39+dfsg.02/w5/lexalpha.c:392:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length += strlen (cp);
data/acedb-4.9.39+dfsg.02/w5/lexsubs4.c:832:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (cq = cp + strlen(cp) ; cq-- > cp ; )
data/acedb-4.9.39+dfsg.02/w5/lexsubs4.c:1346:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(nam) + strlen(classNam) + EXTRA_CHARS) > buflen)
data/acedb-4.9.39+dfsg.02/w5/lexsubs4.c:1346:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(nam) + strlen(classNam) + EXTRA_CHARS) > buflen)
data/acedb-4.9.39+dfsg.02/w5/lexsubs4.c:1350:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buflen = strlen(nam) + strlen(classNam) + EXTRA_CHARS ;
data/acedb-4.9.39+dfsg.02/w5/lexsubs4.c:1350:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buflen = strlen(nam) + strlen(classNam) + EXTRA_CHARS ;
data/acedb-4.9.39+dfsg.02/w5/lexsubs4.c:1616:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int classe = class(key) , n = strlen(oldName) ;
data/acedb-4.9.39+dfsg.02/w5/lexsubs4.c:1621:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(newName) > n )
data/acedb-4.9.39+dfsg.02/w5/lexsubs4.c:2197:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
( (stackMark(Voc[t]) + strlen(cp)) > MAXVOCAB ))
data/acedb-4.9.39+dfsg.02/w6/acedbgraph.c:460:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (buffer, aceInWord(view_in), 40);
data/acedb-4.9.39+dfsg.02/w6/acedbgraph.c:748:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buffer, aceInWord(view_in), 40);
data/acedb-4.9.39+dfsg.02/w6/acedbgraph.c:752:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buffer) == 0)
data/acedb-4.9.39+dfsg.02/w6/acedbgraph.c:860:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
viewnam = handleAlloc(0, handle, 1+strlen(s));
data/acedb-4.9.39+dfsg.02/w6/action.c:253:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ if (max < strlen(cp))
data/acedb-4.9.39+dfsg.02/w6/action.c:254:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
max = strlen(cp) ;
data/acedb-4.9.39+dfsg.02/w6/aqldisp.c:154:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(error);
data/acedb-4.9.39+dfsg.02/w6/bsdumps.c:132:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cq = question + strlen(question) - 1 ;
data/acedb-4.9.39+dfsg.02/w6/bssubs.c:1490:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bs->bt->cp = messalloc (strlen ((char*)xp) + 1) ;
data/acedb-4.9.39+dfsg.02/w6/bssubs.c:1517:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!text || !strlen(text))
data/acedb-4.9.39+dfsg.02/w6/bstree.c:242:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
register int i = strlen(bsxxx->bt->cp) ;
data/acedb-4.9.39+dfsg.02/w6/bstree.c:299:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = 2+(strlen(bs->bt->cp)+NODEX-1)/NODEX; /* michel was 1+.. */
data/acedb-4.9.39+dfsg.02/w6/bstree.c:348:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int n = ( u ? strlen(u) : 0 ) + ( v ? strlen(v) : 0 ) ;
data/acedb-4.9.39+dfsg.02/w6/bstree.c:348:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int n = ( u ? strlen(u) : 0 ) + ( v ? strlen(v) : 0 ) ;
data/acedb-4.9.39+dfsg.02/w6/display.c:615:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(url) >= strlen(str) &&
data/acedb-4.9.39+dfsg.02/w6/display.c:615:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(url) >= strlen(str) &&
data/acedb-4.9.39+dfsg.02/w6/display.c:616:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncmp(url, str, strlen(str)) == 0 )
data/acedb-4.9.39+dfsg.02/w6/display.c:618:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
url += strlen(str);
data/acedb-4.9.39+dfsg.02/w6/display.c:624:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen(url) >= strlen(str) &&
data/acedb-4.9.39+dfsg.02/w6/display.c:624:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen(url) >= strlen(str) &&
data/acedb-4.9.39+dfsg.02/w6/display.c:625:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcmp(url+strlen(url)-strlen(str), str) == 0))
data/acedb-4.9.39+dfsg.02/w6/display.c:625:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcmp(url+strlen(url)-strlen(str), str) == 0))
data/acedb-4.9.39+dfsg.02/w6/display.c:626:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*(url+strlen(url)-strlen(str)) = 0;
data/acedb-4.9.39+dfsg.02/w6/display.c:626:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*(url+strlen(url)-strlen(str)) = 0;
data/acedb-4.9.39+dfsg.02/w6/display.c:641:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = 1+strlen(url);
data/acedb-4.9.39+dfsg.02/w6/display.c:642:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (arr(a, i, BSunit).s) len += strlen(arr(a, i, BSunit).s);
data/acedb-4.9.39+dfsg.02/w6/display.c:643:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (arr(a, i+1, BSunit).s) len += strlen(arr(a, i+1, BSunit).s);
data/acedb-4.9.39+dfsg.02/w6/display.c:1028:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dp->title, cp, 41) ;
data/acedb-4.9.39+dfsg.02/w6/display.c:1032:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dp->help, cp, 31) ;
data/acedb-4.9.39+dfsg.02/w6/display.c:1141:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dp->title, displayName, 31) ;
data/acedb-4.9.39+dfsg.02/w6/display.c:1142:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant character.
strncpy(dp->help, "", 31) ;
data/acedb-4.9.39+dfsg.02/w6/dnasubs.c:263:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dna_length = strlen(dna) ;
data/acedb-4.9.39+dfsg.02/w6/dnasubs.c:1456:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
aceOutBinary ( dump_out, cp, strlen(cp) + 1) ;
data/acedb-4.9.39+dfsg.02/w6/forest.c:252:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant character.
strncpy (forest->mot,"", 1023) ;
data/acedb-4.9.39+dfsg.02/w6/forest.c:257:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (forest->mot, stackText(forest->s, seg->n), 1023) ;
data/acedb-4.9.39+dfsg.02/w6/forest.c:276:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (buf, "*") ;
data/acedb-4.9.39+dfsg.02/w6/forest.c:589:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cp) == 0)
data/acedb-4.9.39+dfsg.02/w6/forest.c:769:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncasecmp(cc,txt,strlen(txt)))
data/acedb-4.9.39+dfsg.02/w6/forest.c:1402:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cp) > xPlus)
data/acedb-4.9.39+dfsg.02/w6/forest.c:1403:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xPlus = strlen(cp) ;
data/acedb-4.9.39+dfsg.02/w6/forest.c:1409:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cp)+2 >xPlus)
data/acedb-4.9.39+dfsg.02/w6/forest.c:1410:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xPlus = strlen(cp)+2 ;
data/acedb-4.9.39+dfsg.02/w6/forest.c:1507:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cp) > xPlus)
data/acedb-4.9.39+dfsg.02/w6/forest.c:1508:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xPlus = strlen(cp) ;
data/acedb-4.9.39+dfsg.02/w6/forest.c:1511:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cp)+2 >xPlus)
data/acedb-4.9.39+dfsg.02/w6/forest.c:1512:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xPlus = strlen(cp)+2 ;
data/acedb-4.9.39+dfsg.02/w6/forest.c:1966:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ii = strlen(cp) + 2 ;
data/acedb-4.9.39+dfsg.02/w6/ksetdisp.c:2040:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((j = strlen(cp3)) > *cWidth){
data/acedb-4.9.39+dfsg.02/w6/ksetdisp.c:2046:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((j = strlen(cp)) > *cWidth){
data/acedb-4.9.39+dfsg.02/w6/ksetdisp.c:2338:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(look->message);
data/acedb-4.9.39+dfsg.02/w6/layoutdisp.c:145:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
z->x = strlen(name(key)) + 2 ;
data/acedb-4.9.39+dfsg.02/w6/layoutdisp.c:557:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (ll->x + strlen(name(ll->key)) + 2 > xmax)
data/acedb-4.9.39+dfsg.02/w6/layoutdisp.c:558:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xmax = ll->x + strlen(name(ll->key)) + 2 ;
data/acedb-4.9.39+dfsg.02/w6/layoutdisp.c:561:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
x = ll->x + strlen(name(ll->key)) + 2 ;
data/acedb-4.9.39+dfsg.02/w6/layoutdisp.c:591:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (ll->x + strlen(name(ll->key)) + 2 > xmax)
data/acedb-4.9.39+dfsg.02/w6/layoutdisp.c:592:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xmax = ll->x + strlen(name(ll->key)) + 2 ;
data/acedb-4.9.39+dfsg.02/w6/layoutdisp.c:642:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
x = xmax + strlen(name(key)) ;
data/acedb-4.9.39+dfsg.02/w6/layoutdisp.c:648:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xmax += strlen(name(key)) +1 ;
data/acedb-4.9.39+dfsg.02/w6/longtextdisp.c:329:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
x += strlen(cp) ;
data/acedb-4.9.39+dfsg.02/w6/longtextdisp.c:367:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
x += strlen(cp) + 1 ;
data/acedb-4.9.39+dfsg.02/w6/multimapdisp.c:543:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(mmdisp->title) > 0)
data/acedb-4.9.39+dfsg.02/w6/multimapdisp.c:1522:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(mmdisp->title) > 0)
data/acedb-4.9.39+dfsg.02/w6/multimapdisp.c:1540:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tableGetColumnName(mmdisp->table, j)) > 0)
data/acedb-4.9.39+dfsg.02/w6/nicedump.c:144:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
aceOutBinary ( dump_out, cp, strlen(cp) + 1) ;
data/acedb-4.9.39+dfsg.02/w6/nicedump.c:179:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
aceOutBinary ( dump_out, cp, strlen(cp) + 1) ;
data/acedb-4.9.39+dfsg.02/w6/nicedump.c:186:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
aceOutBinary ( dump_out, cp, strlen(cp) + 1) ;
data/acedb-4.9.39+dfsg.02/w6/nicedump.c:194:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
aceOutBinary (dump_out, cp, strlen(cp) + 1) ;
data/acedb-4.9.39+dfsg.02/w6/nicedump.c:310:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
aceOutBinary ( dump_out, cp, strlen (cp) + 1) ;
data/acedb-4.9.39+dfsg.02/w6/nicedump.c:422:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cp) > xPlus)
data/acedb-4.9.39+dfsg.02/w6/nicedump.c:423:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xPlus = strlen(cp) ;
data/acedb-4.9.39+dfsg.02/w6/nicedump.c:434:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cp)+2 > xPlus)
data/acedb-4.9.39+dfsg.02/w6/nicedump.c:435:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xPlus = strlen(cp)+2 ;
data/acedb-4.9.39+dfsg.02/w6/nicedump.c:516:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cq = question + strlen(question) - 1 ;
data/acedb-4.9.39+dfsg.02/w6/nicedump.c:704:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cq = question + strlen(question) - 1 ;
data/acedb-4.9.39+dfsg.02/w6/nicedump.c:1077:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cq = question + strlen(question) - 1 ;
data/acedb-4.9.39+dfsg.02/w6/peptide.c:1454:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& strlen(translation) == 64
data/acedb-4.9.39+dfsg.02/w6/peptide.c:1455:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& strlen(start) == 64
data/acedb-4.9.39+dfsg.02/w6/peptide.c:1456:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& strlen(stop) == 64
data/acedb-4.9.39+dfsg.02/w6/peptide.c:1457:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& strlen(base1) == 64
data/acedb-4.9.39+dfsg.02/w6/peptide.c:1458:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& strlen(base2) == 64
data/acedb-4.9.39+dfsg.02/w6/peptide.c:1459:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& strlen(base3) == 64)
data/acedb-4.9.39+dfsg.02/w6/peptide.c:1544:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
aceOutBinary (dump_out, cp, strlen(cp) + 1) ;
data/acedb-4.9.39+dfsg.02/w6/plot.c:819:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
graphText(cp, look->leftMargin -1 - look->axisShift - strlen(cp) , YY(i) - .5) ;
data/acedb-4.9.39+dfsg.02/w6/plot.c:824:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
graphText(cp, look->leftMargin - 1 - look->axisShift - strlen(cp) , YY(i) - .5) ;
data/acedb-4.9.39+dfsg.02/w6/plot2d.c:480:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
graphText (cp, p2d->leftMargin - strlen(cp)-1.5,y-.5) ;
data/acedb-4.9.39+dfsg.02/w6/qbedisp.c:532:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(buffer, "");
data/acedb-4.9.39+dfsg.02/w6/qbedisp.c:854:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(tagval->name);
data/acedb-4.9.39+dfsg.02/w6/qbedisp.c:889:8: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(tagval->name, "");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:278:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(result, " "); /* add a space between words */
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:293:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(result, "\"");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:296:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(result, "*");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:319:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(result, "*");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:321:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(result, "\"");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:351:6: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(ARR2STRING(qbuild->entries, i), "");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:352:6: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(ARR2STRING(qbuild->syntax, i), "");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:356:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(qbuild->classtag_entry, "");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:357:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(qbuild->classtag_syntax, "");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:361:6: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(ARR2STRING(qbuild->entries, i), "");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:362:6: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(ARR2STRING(qbuild->syntax, i), "");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:436:7: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(qbuild->preclass_syntax, "");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:477:7: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(qbuild->classtag_syntax,"");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:519:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(qbuild->classtag_syntax,"");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:608:7: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(syntax_a, "");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:690:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(syntax_c,"");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:694:7: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(syntax_c, "");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:711:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(syntax_c, "");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:713:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(syntax_c, "=");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:719:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(syntax_c, ">");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:725:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(syntax_c, "<");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:730:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(syntax_c, "");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:735:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(syntax_c, "");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:822:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
qc = quote_chr+strlen(quote_chr);
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:893:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(syntax_j, "");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:904:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(syntax_j, "#");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:909:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(syntax_j, "&");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:929:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(syntax_j, "&");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:931:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(syntax_j, "|");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:934:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(syntax_j, "^");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:936:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(syntax_j, "");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:940:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(syntax_j, "");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:969:6: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(ARR2STRING(qbuild->syntax, i), "");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:971:6: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(ARR2STRING(qbuild->entries, i), "");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:985:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(syntax_j, "");
data/acedb-4.9.39+dfsg.02/w6/querydisp.c:148:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (auto_filename, "X");
data/acedb-4.9.39+dfsg.02/w6/querydisp.c:192:14: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (c = fgetc(fil), c != (char)EOF)
data/acedb-4.9.39+dfsg.02/w6/querydisp.c:281:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& strlen(quer->fileName)
data/acedb-4.9.39+dfsg.02/w6/querydisp.c:374:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
event.buffer.buff.blen = strlen(stackText(buf,0)) ;
data/acedb-4.9.39+dfsg.02/w6/querydisp.c:496:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(ARR2STRING(quer->pgm, 0), "");
data/acedb-4.9.39+dfsg.02/w6/querydisp.c:556:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buffer) >= QBUFF_MULT*BUFFER_SIZE)
data/acedb-4.9.39+dfsg.02/w6/querydisp.c:560:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ARR2STRING(quer->pgm, (quer->curr - quer->pgmBox -1)/2),
data/acedb-4.9.39+dfsg.02/w6/querydisp.c:702:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (quer->fileName, "") ;
data/acedb-4.9.39+dfsg.02/w6/sessiondisp.c:505:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(cp) > 80)
data/acedb-4.9.39+dfsg.02/w6/sessiondisp.c:507:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cp) > 0)
data/acedb-4.9.39+dfsg.02/w6/smap.c:721:13: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (info->mismatch)
data/acedb-4.9.39+dfsg.02/w6/smap.c:722:38: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
for (i = 0 ; i < arrayMax (info->mismatch) ; ++i)
data/acedb-4.9.39+dfsg.02/w6/smap.c:724:33: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
SMapMismatch *mis = arrp(info->mismatch, i, SMapMismatch) ;
data/acedb-4.9.39+dfsg.02/w6/smap.c:1570:23: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
mis = arrayp(info->mismatch, arrayMax(info->mismatch), SMapMismatch) ;
data/acedb-4.9.39+dfsg.02/w6/smap.c:1570:48: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
mis = arrayp(info->mismatch, arrayMax(info->mismatch), SMapMismatch) ;
data/acedb-4.9.39+dfsg.02/w6/smap.c:1578:26: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
mis = arrayp(info->mismatch, 0, SMapMismatch) ;
data/acedb-4.9.39+dfsg.02/w6/smap.c:1586:13: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (info->mismatch && !arrayMax (info->mismatch))
data/acedb-4.9.39+dfsg.02/w6/smap.c:1586:42: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (info->mismatch && !arrayMax (info->mismatch))
data/acedb-4.9.39+dfsg.02/w6/smap.c:1587:25: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
arrayDestroy (info->mismatch) ;
data/acedb-4.9.39+dfsg.02/w6/smap.c:2670:13: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (info->mismatch)
data/acedb-4.9.39+dfsg.02/w6/smap.c:2675:35: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
SMapMismatch *m = arrayp(info->mismatch, i, SMapMismatch);
data/acedb-4.9.39+dfsg.02/w6/smap_.h:93:9: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
Array mismatch ; /* of SMapMisMatch */
data/acedb-4.9.39+dfsg.02/w6/tabledisp.c:334:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tdisp->title) > 0)
data/acedb-4.9.39+dfsg.02/w6/tabledisp.c:397:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tdisp->title) > 0)
data/acedb-4.9.39+dfsg.02/w6/tabledisp.c:578:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(line, inText, 1000);
data/acedb-4.9.39+dfsg.02/w6/tabledisp.c:580:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line) > outLength)
data/acedb-4.9.39+dfsg.02/w6/tabledisp.c:594:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(line);
data/acedb-4.9.39+dfsg.02/w6/tablemakerdisp.c:307:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& strlen(tmdisp->spread->filename)
data/acedb-4.9.39+dfsg.02/w6/tablemakerdisp.c:921:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(cp, "?") ;
data/acedb-4.9.39+dfsg.02/w6/tablemakerdisp.c:1264:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(col->conditionBuffer) > 0 &&
data/acedb-4.9.39+dfsg.02/w6/tablemakerdisp.c:1356:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tmdisp->spread->titleBuffer) > 0)
data/acedb-4.9.39+dfsg.02/w6/tablemakerdisp.c:1561:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(col->tagTextBuffer, "?") ;
data/acedb-4.9.39+dfsg.02/w6/tablemakerdisp.c:1563:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(col->tagTextBuffer, stackText(col->tagStack,0), 359) ;
data/acedb-4.9.39+dfsg.02/w6/treedisp.c:1374:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp += strlen (cp0) ;
data/acedb-4.9.39+dfsg.02/w6/treedisp.c:1655:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stackTextForceFeed (drawLook->textStack, strlen(text) + 2560) ;
data/acedb-4.9.39+dfsg.02/w6/treedisp.c:1658:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
y = drawTextEntry (class(bs->key), strlen(text) + 2500,
data/acedb-4.9.39+dfsg.02/w6/treedisp.c:1668:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(text) > xPlus)
data/acedb-4.9.39+dfsg.02/w6/treedisp.c:1669:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xPlus = strlen(text) ;
data/acedb-4.9.39+dfsg.02/w6/treedisp.c:1701:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cp) > xPlus)
data/acedb-4.9.39+dfsg.02/w6/treedisp.c:1702:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xPlus = strlen(cp) ;
data/acedb-4.9.39+dfsg.02/w6/treedisp.c:1706:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cp)+2 > xPlus)
data/acedb-4.9.39+dfsg.02/w6/treedisp.c:1707:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xPlus = strlen(cp)+2 ;
data/acedb-4.9.39+dfsg.02/w6/treedisp.c:2026:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
x += strlen(cp) ;
data/acedb-4.9.39+dfsg.02/w6/treedisp.c:2035:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
x += strlen(cp) + 1 ;
data/acedb-4.9.39+dfsg.02/w6/treedisp.c:2045:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (1 + strlen (cp) > xmax)
data/acedb-4.9.39+dfsg.02/w6/treedisp.c:2046:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xmax = 1 + strlen(cp) ;
data/acedb-4.9.39+dfsg.02/w6/treedisp.c:2607:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ bs->bt->cp = (char*) messalloc (strlen (text) + 1) ;
data/acedb-4.9.39+dfsg.02/w6/treedisp.c:3058:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (look->tagWarp[strlen(look->tagWarp)-1] == '*')
data/acedb-4.9.39+dfsg.02/w6/treedisp.c:3060:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
look->tagWarp[strlen(look->tagWarp)-1] = '\0';
data/acedb-4.9.39+dfsg.02/w6/treedisp.c:3269:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (g_strncasecmp(element, pattern, strlen(pattern)) ==0)
data/acedb-4.9.39+dfsg.02/w7/alignmentdisp.c:139:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ x = strlen (messprintf ("%d - %d", c->start, c->end)) ;
data/acedb-4.9.39+dfsg.02/w7/alignmentdisp.c:142:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
y = strlen (name (c->key)) ;
data/acedb-4.9.39+dfsg.02/w7/alignmentdisp.c:155:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (c->seq) > maxlen)
data/acedb-4.9.39+dfsg.02/w7/alignmentdisp.c:156:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
maxlen = strlen (c->seq) ;
data/acedb-4.9.39+dfsg.02/w7/alignmentdisp.c:197:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ x = strlen (messprintf ("%s/%d-%d", name(c->key), c->start, c->end)) ;
data/acedb-4.9.39+dfsg.02/w7/biblio.c:677:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lastSpace = strlen(cc) - 1 ;
data/acedb-4.9.39+dfsg.02/w7/biblio.c:680:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < strlen(cc); i++)
data/acedb-4.9.39+dfsg.02/w7/biblio.c:685:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = lastSpace + 1; i < strlen(cc); i++)
data/acedb-4.9.39+dfsg.02/w7/biblio.c:693:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (cc) - lastSpace > 4 + nbDot + nbMinus)
data/acedb-4.9.39+dfsg.02/w7/biblio.c:694:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lastSpace = strlen(cc) - 1 ;
data/acedb-4.9.39+dfsg.02/w7/biblio.c:701:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (lastSpace != strlen(cc) - 1)
data/acedb-4.9.39+dfsg.02/w7/biblio.c:708:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=lastSpace + 1; i<strlen(cc); i++)
data/acedb-4.9.39+dfsg.02/w7/biblio.c:853:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cp))
data/acedb-4.9.39+dfsg.02/w7/biblio.c:880:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lastSpace = strlen(cc) - 1 ;
data/acedb-4.9.39+dfsg.02/w7/biblio.c:883:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0; i<strlen(cc); i++)
data/acedb-4.9.39+dfsg.02/w7/biblio.c:888:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=lastSpace + 1; i<strlen(cc); i++)
data/acedb-4.9.39+dfsg.02/w7/biblio.c:895:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (cc) - lastSpace > 4 + nbDot + nbMinus)
data/acedb-4.9.39+dfsg.02/w7/biblio.c:896:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lastSpace = strlen(cc) - 1 ;
data/acedb-4.9.39+dfsg.02/w7/biblio.c:901:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=lastSpace + 1; i<strlen(cc); i++)
data/acedb-4.9.39+dfsg.02/w7/biblio.c:909:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (lastSpace != strlen(cc) -1)/* initiales ? */
data/acedb-4.9.39+dfsg.02/w7/biblio.c:1065:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cp))
data/acedb-4.9.39+dfsg.02/w7/biblio.c:1130:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(biblio->cp, title, 70);
data/acedb-4.9.39+dfsg.02/w7/biblio.c:1449:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cp))
data/acedb-4.9.39+dfsg.02/w7/coltest.c:181:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(messprintf("%d", draw->number));
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:633:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(look->title,messprintf("(%s)", name (key)),BUF_WIDTH-strlen(look->title)) ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:633:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(look->title,messprintf("(%s)", name (key)),BUF_WIDTH-strlen(look->title)) ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:635:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(look->title,messprintf(": \"%s\"",name(desckey)),BUF_WIDTH-strlen(look->title)) ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:635:72: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(look->title,messprintf(": \"%s\"",name(desckey)),BUF_WIDTH-strlen(look->title)) ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:980:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((char*)look->desc,name(tkey),
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:985:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((char*)look->desc,name(tkey),
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:990:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((char*)look->desc,name(tkey),
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:999:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((char*)look->desc,name(tkey),
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:1020:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((char*)look->common,name(tkey),BUF_WIDTH-1) ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:1026:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((char*)look->common,name(tkey),BUF_WIDTH-1) ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:1031:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((char*)look->common,name(tkey),BUF_WIDTH-1) ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:1042:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((char*)look->common,name(tkey),BUF_WIDTH-1) ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:1064:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(look->taxon, messprintf("%s: ",name(rank)),
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:1066:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(look->taxon, messprintf("%s",name(key)),
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:1067:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
BUF_WIDTH-strlen(look->taxon)) ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:1070:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(look->taxon, messprintf(" (%s)",name(tkey)),
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:1071:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
BUF_WIDTH-strlen(look->taxon)) ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:1073:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(look->taxon, messprintf(" - %s",cp),
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:1074:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
BUF_WIDTH-strlen(look->taxon)) ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:1076:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
else strncpy(look->taxon,messprintf("Taxon %s",name(key)), BUF_WIDTH-1) ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:1090:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(look->taxon,messprintf("%s",name(key)), BUF_WIDTH-1) ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:1092:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(look->taxon,messprintf("%s",name(key)), BUF_WIDTH-1) ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:1113:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((char*)look->messageText,cp,
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:1120:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((char*)look->messageText,
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:1126:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat((char*)look->messageText,
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:1128:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
BUF_WIDTH-strlen(look->messageText)) ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:1130:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat((char*)look->messageText,
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:1132:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
BUF_WIDTH-strlen(look->messageText)) ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:1135:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat((char*)look->messageText,
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:1137:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
BUF_WIDTH-strlen(look->messageText)) ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:1139:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat((char*)look->messageText,
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:1141:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
BUF_WIDTH-strlen(look->messageText)) ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:1144:6: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat((char*)look->messageText,
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:1146:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
BUF_WIDTH-strlen(look->messageText)) ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:1153:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((char*)look->messageText,
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:1159:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat((char*)look->messageText,
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:1161:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
BUF_WIDTH-strlen(look->messageText)) ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:1163:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat((char*)look->messageText,
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:1165:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
BUF_WIDTH-strlen(look->messageText)) ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:1168:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat((char*)look->messageText,
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:1170:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
BUF_WIDTH-strlen(look->messageText)) ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:1172:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat((char*)look->messageText,
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:1174:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
BUF_WIDTH-strlen(look->messageText)) ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:1177:6: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat((char*)look->messageText,
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:1179:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
BUF_WIDTH-strlen(look->messageText)) ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:1186:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((char*)look->messageText,
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:1192:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat((char*)look->messageText,
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:1194:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
BUF_WIDTH-strlen(look->messageText)) ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:1209:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((char*)look->messageText,
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:1213:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat((char*)look->messageText,
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:1215:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
BUF_WIDTH-strlen(look->messageText)) ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:1515:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ang,messprintf("%.1f",look->angle),15) ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:1517:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(arc,messprintf("%.1f",look->spread),15) ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:1702:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(nfacbuf,messprintf("%.1f",look->normalFactor),15) ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:2665:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nextNodeR += (1.5+strlen(label)*cw) ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:2682:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bslength = strlen(bootstraplabel) ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:3046:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(numLeaves,messprintf("# Leaves: %d",nLeaves),15) ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:3051:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(scale,
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:3060:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(brMax,messprintf ("Max. Branch Length: %.3f",tdmax),29) ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:3063:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(brNormal,messprintf("Display Normalization: %.1f",look->normalFactor),29) ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:3081:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(scale,
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:3265:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fileName,name(obj->root->key),FIL_BUFFER_SIZE-1) ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:3540:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(rankName,cp,BUFSZ) ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:3555:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(taxonName,cp,BUFSZ) ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:3579:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(currentNode.name,name,BUFSZ) ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:3788:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(rank,rankName,BUFSZ) ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:3790:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(taxon,taxonName,BUFSZ) ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:3834:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(label,name,BUFSZ) ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:3841:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(rank,rankName,BUFSZ) ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:3845:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(taxon,taxonName,BUFSZ) ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:3850:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(taxon,label,BUFSZ) ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:3903:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(listname,name,BUFSZ) ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:3925:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(currentParent->name,
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:3961:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(listname,label,BUFSZ) ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:3969:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(rank,rankName,BUFSZ) ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:3973:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(taxon,taxonName,BUFSZ) ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:3978:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(taxon,listname,BUFSZ) ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:4079:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(treeObjName,(const char *)treeName,BUFSZ-1) ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:4087:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (treeObjName,aceInWord(name_in),BUFSZ-1) ;
data/acedb-4.9.39+dfsg.02/w7/dnacpt.c:584:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int templateLength = strlen(template) ;
data/acedb-4.9.39+dfsg.02/w7/dnacpt.c:722:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cr = stackText(s, strlen(template)) ;
data/acedb-4.9.39+dfsg.02/w7/dnacpt.c:779:70: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dnacptColorMatches (sites, n ? n-1 : 0, frame>=0 ? 6:7, colors, strlen(cp), 3);
data/acedb-4.9.39+dfsg.02/w7/dnacpt.c:784:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cr = messalloc(strlen(cp)+ 1) ;
data/acedb-4.9.39+dfsg.02/w7/dnacpt.c:809:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dnacptColorMatches (sites, n ? n - 1 : 0 , col--, colors, strlen(cp), 1) ;
data/acedb-4.9.39+dfsg.02/w7/dnacpt.c:816:69: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dnacptColorMatches (sites, n ? n-1 : 0, frame == 0 ? 6:7, colors, strlen(cp), 1) ;
data/acedb-4.9.39+dfsg.02/w7/dnacpt.c:823:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dnacptColorMatches (sites, n ? n - 1 : 0 , ++col, colors, strlen(cp), amino ? 3 : 1 ) ;
data/acedb-4.9.39+dfsg.02/w7/dnacpt.c:926:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(stackText(sname,site->mark)) > 9)
data/acedb-4.9.39+dfsg.02/w7/dnacpt.c:1148:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(text, stackText(s2, 0), 39) ;
data/acedb-4.9.39+dfsg.02/w7/dnacpt.c:1165:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(cp) ;
data/acedb-4.9.39+dfsg.02/w7/dnacpt.c:1167:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (n > strlen(cp))
data/acedb-4.9.39+dfsg.02/w7/dnacpt.c:1568:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(cq, aceInWord(params_in), 8); cq[8] = '\0'; aceInNext (params_in);
data/acedb-4.9.39+dfsg.02/w7/dnacpt.c:1731:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fileName, name(key), 22) ;
data/acedb-4.9.39+dfsg.02/w7/dnacpt.c:2080:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf,cp,3) ; buf[3] = 0 ;
data/acedb-4.9.39+dfsg.02/w7/dnacpt.c:2683:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(dnacpt->restriction, "") ;
data/acedb-4.9.39+dfsg.02/w7/dnacpt.c:2810:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(dnacpt->restriction,"") ;
data/acedb-4.9.39+dfsg.02/w7/dnacpt.c:2868:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
graphText(messprintf(" expected length %d", 1<< 2*strlen(stackText(rdStack,r->mark))),
data/acedb-4.9.39+dfsg.02/w7/drawdisp.c:190:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (look->imageFileName, fileName, 255) ;
data/acedb-4.9.39+dfsg.02/w7/fmapcdna.c:482:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat (buffer, messprintf ("# Length %d, Match from %d to %d", ln, x1, x2), maxBuf) ;
data/acedb-4.9.39+dfsg.02/w7/fmapcdna.c:484:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat (buffer, messprintf ("# PolyA at %d", polyA, x2), maxBuf) ;
data/acedb-4.9.39+dfsg.02/w7/fmapcdna.c:1106:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (buffer, messprintf ("Gene %s, %s %s", name(seg1->parent),
data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c:904:7: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (look->originBuf, "1") ;
data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c:1006:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (look->zoneBuf,
data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c:1012:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (look->zoneBuf,
data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c:1196:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(look->originBuf))
data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c:1197:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (look->originBuf,"1") ;
data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c:1204:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (look->zoneBuf,
data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c:1210:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (look->zoneBuf,
data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c:1395:7: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc(fil) ;
data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c:3999:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (look->segTextBuf, nameWithClassDecorate(seg->key), 40) ;
data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c:4005:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (look->segTextBuf, nameWithClassDecorate(seg->parent), 40) ;
data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c:4036:2: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat (look->segTextBuf, messprintf(" %s ", name(sinf->method)), 40) ;
data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c:4038:2: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat (look->segTextBuf, messprintf ("%.1f", sinf->score), 10) ;
data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c:4072:2: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat (look->segTextBuf,
data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c:4085:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat (look->segTextBuf,
data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c:4089:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat (look->segTextBuf,
data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c:4107:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat (look->segTextBuf,
data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c:4125:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat (look->segTextBuf,
data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c:4156:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat (look->segTextBuf,
data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c:4174:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat (look->segTextBuf,
data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c:4195:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat (look->segTextBuf, messprintf ("Frame %d", seg->data.i), 64) ;
data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c:4198:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat (look->segTextBuf, fMapSegTypeName[seg->type], 32) ;
data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c:4199:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat (look->segTextBuf, messprintf (" Score %f", seg->data.f), 32) ;
data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c:4202:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat (look->segTextBuf, messprintf ("%s", seg->data.s), 64);
data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c:4207:2: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat (look->segTextBuf, messprintf ("%s", seg->data.s), 64) ;
data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c:4213:2: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat (look->segTextBuf,
data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c:4221:2: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat (look->segTextBuf,
data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c:4228:2: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat (look->segTextBuf, title(seg->key),
data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c:4229:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
127 - strlen(look->segTextBuf)) ;
data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c:4238:2: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat (look->segTextBuf, dictName (look->featDict, -seg->parent), 58) ;
data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c:4243:2: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat (look->segTextBuf,
data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c:4258:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat (look->segTextBuf, nameWithClassDecorate(seg->data.k), 64) ; /* left/right */
data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c:5313:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (n[strlen(n)-1] == 'a')
data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c:6103:12: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getchar(); /* Wait for user to read message */
data/acedb-4.9.39+dfsg.02/w7/fmapcurate.c:401:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
x += strlen (seqName(keySet(state->geneOverlaps, i))) + 1 ;
data/acedb-4.9.39+dfsg.02/w7/fmapfeatures.c:339:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (width < strlen (cp))
data/acedb-4.9.39+dfsg.02/w7/fmapfeatures.c:340:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
width = strlen (cp) ;
data/acedb-4.9.39+dfsg.02/w7/fmapfeatures.c:1885:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bumpItem (bump, strlen(text)+1, 1, &x, &y) ;
data/acedb-4.9.39+dfsg.02/w7/fmapfeatures.c:2236:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msp->sname = messalloc(strlen(name(seg->key)) + 1) ;
data/acedb-4.9.39+dfsg.02/w7/fmapfeatures.c:2267:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msp->sname = messalloc(strlen(name(seg->parent))+2) ;
data/acedb-4.9.39+dfsg.02/w7/fmapfeatures.c:2288:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msp->sname = messalloc(strlen(name(seg->parent)) + 2) ;
data/acedb-4.9.39+dfsg.02/w7/fmapgene.c:918:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (parmsName, aceInWord(name_in), 63); parmsName[63] = '\0';
data/acedb-4.9.39+dfsg.02/w7/fmapgene.c:921:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(parmsName) == 0)
data/acedb-4.9.39+dfsg.02/w7/fmapgene.c:2257:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (classtype, ct, 40);
data/acedb-4.9.39+dfsg.02/w7/fmapgene.c:2259:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (format, ct, 15);
data/acedb-4.9.39+dfsg.02/w7/fmaposp.c:334:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
oligoLength = strlen(motif) ;
data/acedb-4.9.39+dfsg.02/w7/fmaposp.c:607:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (look->segTextBuf,
data/acedb-4.9.39+dfsg.02/w7/fmaposp.c:1434:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (oligoName, "-") ;
data/acedb-4.9.39+dfsg.02/w7/fmaposp.c:1436:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (oligoName, "+") ;
data/acedb-4.9.39+dfsg.02/w7/fmaposp.c:1439:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (oligoName, "x") ;
data/acedb-4.9.39+dfsg.02/w7/fmaposp.c:1448:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (oligoName, ".") ;
data/acedb-4.9.39+dfsg.02/w7/fmaposp.c:1535:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(look->oligoNameBuffer))
data/acedb-4.9.39+dfsg.02/w7/fmapsequence.c:695:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cp) > maxlen)
data/acedb-4.9.39+dfsg.02/w7/fmapsequence.c:696:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
maxlen = strlen(cp) ;
data/acedb-4.9.39+dfsg.02/w7/fmapstatus.c:70:50: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
{ if (*x < CSM) {*x = CSM; tcolor = BLACK; strcpy(buf,"a");} }
data/acedb-4.9.39+dfsg.02/w7/fmapstatus.c:74:55: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
{ if (*x < CSM-0.6) {*x = CSM-0.6;tcolor = RED; strcpy(buf,"f");} }
data/acedb-4.9.39+dfsg.02/w7/fmapstatus.c:76:60: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
{ if (*x < CSM-0.9) {*x = CSM-0.9;tcolor = LIGHTRED; strcpy(buf,"c");} }
data/acedb-4.9.39+dfsg.02/w7/fmapstatus.c:80:57: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
{ if (*x < CSM-1.5) {*x = CSM-1.5;tcolor = GREEN; strcpy(buf,"s");} }
data/acedb-4.9.39+dfsg.02/w7/fmapstatus.c:82:56: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
{ if (*x < CSM-1.8) {*x = CSM-1.8;tcolor = BLUE; strcpy(buf,"l");} }
data/acedb-4.9.39+dfsg.02/w7/fmapstatus.c:84:61: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
{ if (*x < CSM-2.1) {*x = CSM-2.1;tcolor = LIGHTBLUE; strcpy(buf,"d");} }
data/acedb-4.9.39+dfsg.02/w7/fmapstatus.c:86:60: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
{ if (*x < CSM-2.4) {*x = CSM-2.4;tcolor = LIGHTGRAY;strcpy(buf,"r");} }
data/acedb-4.9.39+dfsg.02/w7/fmapstatus.c:88:49: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
{ if (*x < 0.0) {*x = 0.0;tcolor = WHITE; strcpy(buf,"-");} }
data/acedb-4.9.39+dfsg.02/w7/fmapstatus.c:319:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(text, "");
data/acedb-4.9.39+dfsg.02/w7/fmapstatus.c:378:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((tmp = offset+x2-strlen(text)*cw) < offset+x1+CSM)
data/acedb-4.9.39+dfsg.02/w7/fmapstatus.c:395:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t n = strlen(str);
data/acedb-4.9.39+dfsg.02/w7/fmapstatus.c:507:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bumpItem (bump, strlen(text)+1, 1, &x, &y) ;
data/acedb-4.9.39+dfsg.02/w7/fpdisp.c:929:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dx += strlen(name(array(fpGels, i, GEL).clef)) + 1 ;
data/acedb-4.9.39+dfsg.02/w7/geldisp.c:836:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(look->positionBuffer, messprintf("%d",
data/acedb-4.9.39+dfsg.02/w7/geldisp.c:946:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (enzp->text, name(keySet(ks, i)), 79) ;
data/acedb-4.9.39+dfsg.02/w7/geldisp.c:966:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (enzp->text, "observed", 79) ;
data/acedb-4.9.39+dfsg.02/w7/gff.c:868:8: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(str->str + (strlen(str->str) - 1), "\"");
data/acedb-4.9.39+dfsg.02/w7/gff.c:868:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy(str->str + (strlen(str->str) - 1), "\"");
data/acedb-4.9.39+dfsg.02/w7/gmapconvert.c:71:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buf, ".");
data/acedb-4.9.39+dfsg.02/w7/gmapconvert.c:83:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buf, ".");
data/acedb-4.9.39+dfsg.02/w7/gmapdisp.c:213:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buffer, aceInWord(name_in), 40) ;
data/acedb-4.9.39+dfsg.02/w7/gmapdisp.c:550:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ x = strlen (name(look->titleKey)) ;
data/acedb-4.9.39+dfsg.02/w7/gmapdisp.c:554:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ x = strlen (name(map->key)) ;
data/acedb-4.9.39+dfsg.02/w7/gmapdisp.c:577:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(mt, string,
data/acedb-4.9.39+dfsg.02/w7/gmapdisp.c:578:4: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(mt)<MAXMESSAGETEXT-2 ? MAXMESSAGETEXT-(2+strlen(mt)) : 0);
data/acedb-4.9.39+dfsg.02/w7/gmapdisp.c:578:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(mt)<MAXMESSAGETEXT-2 ? MAXMESSAGETEXT-(2+strlen(mt)) : 0);
data/acedb-4.9.39+dfsg.02/w7/gmapintervalcol.c:205:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int n = strlen(text) ;
data/acedb-4.9.39+dfsg.02/w7/gmapintervalcol.c:325:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(look->messageText, name(seg->key), 100);
data/acedb-4.9.39+dfsg.02/w7/gmapintervalcol.c:407:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = private->displayNames ? 0.65*strlen(name(symb)) : 0;
data/acedb-4.9.39+dfsg.02/w7/gmapintervalcol.c:587:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = 0.8*strlen(name(symb)) ;
data/acedb-4.9.39+dfsg.02/w7/gmapintervalcol.c:763:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = 0.8*strlen(name(symb)) ;
data/acedb-4.9.39+dfsg.02/w7/gmapintervalcol.c:930:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cf->query) != 0)
data/acedb-4.9.39+dfsg.02/w7/gmapintervalcol.c:933:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
1+strlen(cf->query));
data/acedb-4.9.39+dfsg.02/w7/gmapintervalcol.c:942:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cf->tag) != 0)
data/acedb-4.9.39+dfsg.02/w7/gmapintervalcol.c:957:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ if (strlen(cf->temp[i]) != 0)
data/acedb-4.9.39+dfsg.02/w7/gmapintervalcol.c:959:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
1+strlen (cf->temp[i]));
data/acedb-4.9.39+dfsg.02/w7/gmapintervalcol.c:1075:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ private->query = handleAlloc(0, instance->handle, 1+strlen(s1));
data/acedb-4.9.39+dfsg.02/w7/gmapintervalcol.c:1091:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
1+strlen(s1));
data/acedb-4.9.39+dfsg.02/w7/gmaplocuscol.c:215:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(look->messageText, name(seg->key), 100);
data/acedb-4.9.39+dfsg.02/w7/gmaplocuscol.c:430:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nameLength = strlen(showName);
data/acedb-4.9.39+dfsg.02/w7/gmaplocuscol.c:436:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, showName, n);
data/acedb-4.9.39+dfsg.02/w7/gmaplocuscol.c:499:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nameLength = strlen(showName);
data/acedb-4.9.39+dfsg.02/w7/gmaplocuscol.c:505:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, showName, n);
data/acedb-4.9.39+dfsg.02/w7/gmaplocuscol.c:614:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (arrayp(cf->colQuerys, arrayMax(cf->colQuerys), TEXTQUERY)->query, "") ;
data/acedb-4.9.39+dfsg.02/w7/gmaplocuscol.c:615:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (arrayp(cf->colQuerys, arrayMax(cf->colQuerys), TEXTQUERY)->query, "") ;
data/acedb-4.9.39+dfsg.02/w7/gmaplocuscol.c:616:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (arrayp(cf->colQuerys, arrayMax(cf->colQuerys), TEXTQUERY)->query, "") ;
data/acedb-4.9.39+dfsg.02/w7/gmaplocuscol.c:624:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (arrayp(cf->tags, arrayMax(cf->tags), TEXTTAG)->text, "") ;
data/acedb-4.9.39+dfsg.02/w7/gmaplocuscol.c:625:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (arrayp(cf->tags, arrayMax(cf->tags), TEXTTAG)->text, "") ;
data/acedb-4.9.39+dfsg.02/w7/gmaplocuscol.c:626:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (arrayp(cf->tags, arrayMax(cf->tags), TEXTTAG)->text, "") ;
data/acedb-4.9.39+dfsg.02/w7/gmaplocuscol.c:700:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cf->query) != 0)
data/acedb-4.9.39+dfsg.02/w7/gmaplocuscol.c:703:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
1+strlen(cf->query));
data/acedb-4.9.39+dfsg.02/w7/gmapmarkercol.c:186:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = .65 * strlen(name(seg->key)) ;
data/acedb-4.9.39+dfsg.02/w7/gmapmarkercol.c:244:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xx = (isGifDisplay ? 1 : .65) * strlen(name(seg->key)) ;
data/acedb-4.9.39+dfsg.02/w7/gmapposnegcol.c:286:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
float endOfName = control->topMargin + 0.65 * strlen(name(key));
data/acedb-4.9.39+dfsg.02/w7/gmapposnegcol.c:332:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int i, n = strlen(nam);
data/acedb-4.9.39+dfsg.02/w7/gmapposnegcol.c:516:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cf->query) != 0)
data/acedb-4.9.39+dfsg.02/w7/gmapposnegcol.c:519:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
1+strlen(cf->query));
data/acedb-4.9.39+dfsg.02/w7/gmapposnegcol.c:559:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ private->query = handleAlloc(0, instance->handle, 1+strlen(s1));
data/acedb-4.9.39+dfsg.02/w7/gmapremarkcol.c:350:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nameLength = strlen(name(symb));
data/acedb-4.9.39+dfsg.02/w7/gmapremarkcol.c:361:4: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(buff, name(symb), width - x);
data/acedb-4.9.39+dfsg.02/w7/gmapremarkcol.c:480:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cf->query) != 0)
data/acedb-4.9.39+dfsg.02/w7/gmapremarkcol.c:489:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ if (strlen(cf->temp[i]) != 0)
data/acedb-4.9.39+dfsg.02/w7/gmapsubmapcol.c:877:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(look->messageText, name(seg->key), 100);
data/acedb-4.9.39+dfsg.02/w7/gmapsubmapcol.c:1001:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cf->intQuery) != 0)
data/acedb-4.9.39+dfsg.02/w7/gmapsubmapcol.c:1004:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
1+strlen(cf->intQuery));
data/acedb-4.9.39+dfsg.02/w7/gmapsubmapcol.c:1018:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cf->lociQuery) != 0)
data/acedb-4.9.39+dfsg.02/w7/gmapsubmapcol.c:1021:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
1+strlen(cf->lociQuery));
data/acedb-4.9.39+dfsg.02/w7/griddisp.c:457:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
seg->name = messalloc(strlen(temp) +1);
data/acedb-4.9.39+dfsg.02/w7/griddisp.c:799:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (look->selectName, gName(seg), 64) ;
data/acedb-4.9.39+dfsg.02/w7/griddisp.c:848:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cplen = strlen (cp) ;
data/acedb-4.9.39+dfsg.02/w7/griddisp.c:1366:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (look->probeClassName, className(probe), 63) ;
data/acedb-4.9.39+dfsg.02/w7/griddisp.c:1367:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (look->probeName, name(probe), 63) ;
data/acedb-4.9.39+dfsg.02/w7/griddisp.c:2079:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int n = strlen(gName(seg));
data/acedb-4.9.39+dfsg.02/w7/griddisp.c:2124:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
x = 3 + strlen(look->title) ;
data/acedb-4.9.39+dfsg.02/w7/griddisp.c:2326:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
x += strlen(gName(seg)) ;
data/acedb-4.9.39+dfsg.02/w7/griddisp.c:2729:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (look->probeName, name(keyTmp), 63) ;
data/acedb-4.9.39+dfsg.02/w7/griddisp.c:2929:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(look->reportBuffer) + strlen(name(tab->tag)) + 4) >= GRID_REPORT_BOX_LEN)
data/acedb-4.9.39+dfsg.02/w7/griddisp.c:2929:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(look->reportBuffer) + strlen(name(tab->tag)) + 4) >= GRID_REPORT_BOX_LEN)
data/acedb-4.9.39+dfsg.02/w7/griddisp.c:2937:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (look->reportBuffer, " ") ;
data/acedb-4.9.39+dfsg.02/w7/mapcontrol.c:212:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(name) >= MAP_NAME_BUFLEN)
data/acedb-4.9.39+dfsg.02/w7/mapcontrol.c:456:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
graphText (cq, x+ strlen(cp) + .4 , y) ;
data/acedb-4.9.39+dfsg.02/w7/mapcontrol.c:1105:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
graphFillRectangle (x+0.5, y-0.5, x+2.5+strlen(map->cursor.text), y+0.5) ;
data/acedb-4.9.39+dfsg.02/w7/mapcontrol.c:1107:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
graphTextPtr (map->cursor.text, x+0.5, y-0.5, strlen(map->cursor.text)) ;
data/acedb-4.9.39+dfsg.02/w7/mapcontrol.c:1195:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cp) > max)
data/acedb-4.9.39+dfsg.02/w7/mapcontrol.c:1196:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
max = strlen(cp) ;
data/acedb-4.9.39+dfsg.02/w7/metab.c:571:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
e->width = (float)strlen(name);
data/acedb-4.9.39+dfsg.02/w7/metab.c:676:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
w = fudge*(float)strlen(flab->name)/2, xp, yp;
data/acedb-4.9.39+dfsg.02/w7/metab.c:684:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
w = (float)strlen(tlab->name)/2;
data/acedb-4.9.39+dfsg.02/w7/metab.c:725:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ if(1) label->x = xm - (float)strlen(label->name)/2;
data/acedb-4.9.39+dfsg.02/w7/metab.c:727:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ label->x = xm-1.5*NODE_LABEL_DX-(float)strlen(label->name);
data/acedb-4.9.39+dfsg.02/w7/metab.c:967:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
graphRectangle(x-0.3,y-0.1, x+((float)strlen(t->name)+0.4),y+1.1);
data/acedb-4.9.39+dfsg.02/w7/metab.c:1338:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf = (char*) metabAlloc((strlen(text)+1)*sizeof(char));
data/acedb-4.9.39+dfsg.02/w7/metab.c:1441:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dname = (char*) metabAlloc(strlen(name(pwkey))+20);
data/acedb-4.9.39+dfsg.02/w7/method.c:384:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!methodName || strlen(methodName) == 0)
data/acedb-4.9.39+dfsg.02/w7/method.c:551:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (aceDiff && strlen(aceDiff) > 0
data/acedb-4.9.39+dfsg.02/w7/method.c:637:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!methodName || strlen(methodName) == 0)
data/acedb-4.9.39+dfsg.02/w7/methodcache.c:293:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (aceDiff && strlen(aceDiff) > 0)
data/acedb-4.9.39+dfsg.02/w7/pepdisp.c:228:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(look->activeText,messprintf("%d %d",look->activeStart,look->activeEnd),MAXACTIVETEXT);
data/acedb-4.9.39+dfsg.02/w7/pepdisp.c:248:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ x = strlen (name(look->titleKey)) ;
data/acedb-4.9.39+dfsg.02/w7/pepdisp.c:252:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ x = strlen (name(map->key)) ;
data/acedb-4.9.39+dfsg.02/w7/pepdisp.c:260:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(look->activeText,messprintf("%d %d",look->activeStart,look->activeEnd),MAXACTIVETEXT);
data/acedb-4.9.39+dfsg.02/w7/pepfeaturecol.c:215:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(cf->query) != 0){
data/acedb-4.9.39+dfsg.02/w7/pepfeaturecol.c:275:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(look->messageText, name(feature->key),100);
data/acedb-4.9.39+dfsg.02/w7/pepgifcommand.c:185:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
|| strlen(filename) == 0)
data/acedb-4.9.39+dfsg.02/w7/pephomolcol.c:393:12: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
else strncpy(msp->sname, name(homol->key), FULLNAMESIZE);
data/acedb-4.9.39+dfsg.02/w7/pephomolcol.c:446:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int s1len = strlen(s1),
data/acedb-4.9.39+dfsg.02/w7/pephomolcol.c:447:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s2len = strlen(s2);
data/acedb-4.9.39+dfsg.02/w7/pephomolcol.c:622:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(look->messageText, name(homol->key),100);
data/acedb-4.9.39+dfsg.02/w7/pephomolcol.c:748:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bumpItem (bump,strlen(name(homol->key))+1,1, &xoff, &y3) ;
data/acedb-4.9.39+dfsg.02/w7/pephomolcol.c:752:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bumpItem (bump,strlen(name(homol->key))+1,1, &xoff, &y3) ;
data/acedb-4.9.39+dfsg.02/w7/pephomolcol.c:756:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(name(homol->key))+2 > namemax)
data/acedb-4.9.39+dfsg.02/w7/pephomolcol.c:757:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
namemax = strlen(name(homol->key))+2;
data/acedb-4.9.39+dfsg.02/w7/pepseqcol.c:69:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
array(private->colMap,0,Array) = arrayHandleCreate(strlen(ress),char,instance->handle); /* residue names */
data/acedb-4.9.39+dfsg.02/w7/pepseqcol.c:70:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
array(private->colMap,1,Array) = arrayHandleCreate(strlen(ress),int,instance->handle); /* residue colour */
data/acedb-4.9.39+dfsg.02/w7/pepseqcol.c:74:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(i=0;i < strlen(ress);i++){
data/acedb-4.9.39+dfsg.02/w7/pepseqcol.c:158:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(look->messageText, messprintf("%c",cp) ,100);
data/acedb-4.9.39+dfsg.02/w7/pepseqcol.c:350:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(look->activeText,messprintf("%d %d",look->activeStart,look->activeEnd),11);
data/acedb-4.9.39+dfsg.02/w7/pepseqcol.c:547:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(i=0;i<strlen(pepDecodeChar);i++){
data/acedb-4.9.39+dfsg.02/w7/pmapdisp.c:198:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
graphText (text, ModelToGraphX(x) - strlen(text) / 2.0 ,
data/acedb-4.9.39+dfsg.02/w7/pmapdisp.c:721:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, text, n) ; buf[n] = 0 ;
data/acedb-4.9.39+dfsg.02/w7/pmapdisp.c:912:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bumpItem (bump, 1, strlen(name(seg->key)), &kHeight, &x) ;
data/acedb-4.9.39+dfsg.02/w7/smapconvert.c:875:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (CLMethod[strlen(CLMethod)-1] == '*')
data/acedb-4.9.39+dfsg.02/w7/smapconvert.c:877:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
CLMethod[strlen(CLMethod)-1] = '\0';
data/acedb-4.9.39+dfsg.02/w7/smapconvert.c:883:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncasecmp(KSMethod, CLMethod, strlen(CLMethod)-1) == 0)
data/acedb-4.9.39+dfsg.02/w7/smapconvert.c:2678:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length += strlen(type_text);
data/acedb-4.9.39+dfsg.02/w7/smapconvert.c:2681:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length += strlen(text_text);
data/acedb-4.9.39+dfsg.02/w7/vmapdisp.c:1227:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*offset+x+0.8*strlen(name(seg->key)), y+0.3) ;
data/acedb-4.9.39+dfsg.02/w7/vmapdisp.c:1431:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = 0.65*strlen(name(seg->symbol)) ;
data/acedb-4.9.39+dfsg.02/w7/vmapdisp.c:1520:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*offset += strlen(cp) ;
data/acedb-4.9.39+dfsg.02/w7/vmapdisp.c:1538:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xx = .65 * strlen(name(seg->key)) ;
data/acedb-4.9.39+dfsg.02/w7/vmapdisp.c:1588:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = .65 * strlen(name(seg->key)) ;
data/acedb-4.9.39+dfsg.02/w7/vmapdisp.c:2122:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
{ strncpy (look->messageText, name (seg->key), 100) ;
data/acedb-4.9.39+dfsg.02/w7/vmapdisp.c:2131:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (look->messageText, name (seg->key), 100) ;
data/acedb-4.9.39+dfsg.02/w7/vmapdisp.c:2147:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (look->messageText, name (seg->key), 100) ;
data/acedb-4.9.39+dfsg.02/w8/defcpt.c:655:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bumpItem(bp, 1, strlen(cp) + 2.0, &x1, &y1) ;
data/acedb-4.9.39+dfsg.02/w8/defcpt.c:1614:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, cp, 81);
data/acedb-4.9.39+dfsg.02/w8/defcpt.c:1661:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, cp, 81) ;
data/acedb-4.9.39+dfsg.02/w8/defcpt.c:3048:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cp) == 0)
data/acedb-4.9.39+dfsg.02/w8/defcpt.c:3158:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cp) == 0)
data/acedb-4.9.39+dfsg.02/w8/defcpt.c:3255:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cp) == 0)
data/acedb-4.9.39+dfsg.02/w8/dnaalign.c:1505:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (buf, cp, 100) ;
data/acedb-4.9.39+dfsg.02/w8/dnaalign.c:1556:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, cp, 128) ; /* be sure we have room left in name for numbers */
data/acedb-4.9.39+dfsg.02/w8/dnaalign.c:1588:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cq0 = buf + strlen(buf) ; *cq0++ = '.' ; *cq0 = 0 ;
data/acedb-4.9.39+dfsg.02/w8/dnaalign.c:1631:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (cp) > 250)
data/acedb-4.9.39+dfsg.02/w8/dnaalign.c:1703:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (buf, cp, 128) ;
data/acedb-4.9.39+dfsg.02/w8/dnaalign.c:1792:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cq = ctmp + strlen(ctmp) - 1 ;
data/acedb-4.9.39+dfsg.02/w8/dnaalign.c:2452:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (nom, nm, 48) ;
data/acedb-4.9.39+dfsg.02/w8/dnaalign.c:2454:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
{ strncpy (nom, name(key1), 48) ;
data/acedb-4.9.39+dfsg.02/w8/dnaalign.c:2455:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp = nom + strlen (nom) - 1 ;
data/acedb-4.9.39+dfsg.02/w8/dnaalign.c:3393:51: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
BOOL dnaAlignDoReInsertLoners (KEY seqKey, KEYSET read)
data/acedb-4.9.39+dfsg.02/w8/dnaalign.c:3403:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ks = keySetMINUS (read, ks2) ;
data/acedb-4.9.39+dfsg.02/w8/dnaalign.c:3416:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ks = keySetMINUS (read, ks2) ;
data/acedb-4.9.39+dfsg.02/w8/dnaalign.c:3476:45: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
resul = dnaAlignDoReInsertLoners (seqKey, read) ;
data/acedb-4.9.39+dfsg.02/w8/dnaalign.c:3477:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
keySetDestroy (read) ;
data/acedb-4.9.39+dfsg.02/w9/align.c:239:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (name(map)) > 9 &&
data/acedb-4.9.39+dfsg.02/w9/asn.c:137:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(a, "");
data/acedb-4.9.39+dfsg.02/w9/asn.c:233:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int l = strlen(name);
data/acedb-4.9.39+dfsg.02/w9/asn.c:265:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ( strlen(initials) > strlen(lastname) ) {
data/acedb-4.9.39+dfsg.02/w9/asn.c:265:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ( strlen(initials) > strlen(lastname) ) {
data/acedb-4.9.39+dfsg.02/w9/asn.c:452:7: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(titlebuf,"");
data/acedb-4.9.39+dfsg.02/w9/asn.c:461:7: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(journbuf,"");
data/acedb-4.9.39+dfsg.02/w9/asn.c:470:7: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(volumbuf,"");
data/acedb-4.9.39+dfsg.02/w9/asn.c:497:7: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(gBuf,"");
data/acedb-4.9.39+dfsg.02/w9/asn.c:500:7: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sprintf(gBuf,"",page1,page2);
data/acedb-4.9.39+dfsg.02/w9/asn.c:567:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(gene, "");
data/acedb-4.9.39+dfsg.02/w9/asn.c:704:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(gbp = gBuf, "");
data/acedb-4.9.39+dfsg.02/w9/asn.c:741:7: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(gbp = gBuf, "");
data/acedb-4.9.39+dfsg.02/w9/asn.c:766:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lcp = MemNew(strlen(name(gpkey)) + 2);
data/acedb-4.9.39+dfsg.02/w9/asn.c:776:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(gene, "");
data/acedb-4.9.39+dfsg.02/w9/asn.c:779:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncasecmp(name(key), gClonePat, strlen(gClonePat)) == 0
data/acedb-4.9.39+dfsg.02/w9/asn.c:780:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
|| strncasecmp(name(key), gRawClonePat, strlen(gRawClonePat)) == 0) {
data/acedb-4.9.39+dfsg.02/w9/asn.c:782:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(gene, ":");
data/acedb-4.9.39+dfsg.02/w9/asn.c:929:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncasecmp(name(key), gRawClonePat, strlen(gRawClonePat)) == 0) {
data/acedb-4.9.39+dfsg.02/w9/asn.c:979:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp = MemNew(strlen(name(gpkey)) + 100);
data/acedb-4.9.39+dfsg.02/w9/asn.c:1065:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(gBuf," ");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1097:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(qstr) == 0) {
data/acedb-4.9.39+dfsg.02/w9/asn.c:1107:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
qhere = (char *) malloc(strlen(qstr));
data/acedb-4.9.39+dfsg.02/w9/asn.c:1125:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(vbuf,"");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1300:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(qtxt, "(");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1302:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (mtxt[strlen(mtxt)-1] != ')') /* close parenthesis (if not present) */
data/acedb-4.9.39+dfsg.02/w9/asn.c:1303:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(qtxt, ")");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1424:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(gClonePat, ".");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1426:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(gRawClonePat, ".");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1614:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(gBuf+strlen(gBuf), "~~%s",name(arr(a,i,BSunit).k));
data/acedb-4.9.39+dfsg.02/w9/asn.c:1618:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(gBuf+strlen(gBuf), "~\"TSL\" = trans-spliced leader.");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1620:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(gBuf) > (size_t) 0) {
data/acedb-4.9.39+dfsg.02/w9/asn.c:1661:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(gBuf+strlen(gBuf), "~~%s",name(arr(a,i,BSunit).k));
data/acedb-4.9.39+dfsg.02/w9/asn.c:1667:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(gBuf+strlen(gBuf), " ~ ~NOTES:~~Coding sequences below are predicted from");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1668:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(gBuf+strlen(gBuf), " computer analysis, using the program Genefinder");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1669:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(gBuf+strlen(gBuf), "(P. Green and L. Hillier, ms in preparation).");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1673:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(gBuf+strlen(gBuf), "~\"TSL\" = trans-spliced leader.");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1676:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(gBuf) > (size_t) 0) AddCommentToEntry(nsp, nuc_entry, gBuf);
data/acedb-4.9.39+dfsg.02/w9/asn.c:1726:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(gBuf+strlen(gBuf), "~~%s",name(arr(a,i,BSunit).k));
data/acedb-4.9.39+dfsg.02/w9/asn.c:1734:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(gBuf+strlen(gBuf), " ~ ~NOTES:~~Coding sequences below are predicted from");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1735:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(gBuf+strlen(gBuf), " computer analysis, using the program Genefinder");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1736:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(gBuf+strlen(gBuf), "(P. Green and L. Hillier, ms in preparation).");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1740:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(gBuf+strlen(gBuf), "~\"TSL\" = trans-spliced leader.");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1743:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(gBuf) > (size_t) 0) AddCommentToEntry(nsp, nuc_entry, gBuf);
data/acedb-4.9.39+dfsg.02/w9/asn.c:2112:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0; i<strlen(asnfile); i++) {
data/acedb-4.9.39+dfsg.02/w9/asn.c:2222:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len1 = strlen(name1);
data/acedb-4.9.39+dfsg.02/w9/asn.c:2223:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len2 = strlen(name2);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:1141:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(stats, " ");
data/acedb-4.9.39+dfsg.02/w9/belvu.c:1166:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(stats, ")");
data/acedb-4.9.39+dfsg.02/w9/belvu.c:1470:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *tmp = messalloc(strlen(src)+1) ;
data/acedb-4.9.39+dfsg.02/w9/belvu.c:1484:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cp = messalloc(strlen(alnp->name)+maxStartLen+maxEndLen+10);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:1980:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ruler + i - strlen(ichar), ichar, strlen(ichar));
data/acedb-4.9.39+dfsg.02/w9/belvu.c:1980:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(ruler + i - strlen(ichar), ichar, strlen(ichar));
data/acedb-4.9.39+dfsg.02/w9/belvu.c:1980:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(ruler + i - strlen(ichar), ichar, strlen(ichar));
data/acedb-4.9.39+dfsg.02/w9/belvu.c:1983:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(seq, ruler+AlignXstart, seqlen);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:2048:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(seq, alnp->seq+AlignXstart, seqlen);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:2394:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(namep, aln->name, 50);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:2396:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(GRfeat, cp+1, 50);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:2431:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( (W = strlen(writeMulName(arrp(Align, i, ALN)))) > w) w = W;
data/acedb-4.9.39+dfsg.02/w9/belvu.c:2704:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dest->name, src->name, MAXNAMESIZE);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:2712:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dest->fetch, src->fetch, MAXNAMESIZE+10);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:2970:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *suffix = messalloc(strlen(cp)+1);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:3021:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cp) > maxwidth) maxwidth = strlen(cp);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:3021:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cp) > maxwidth) maxwidth = strlen(cp);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:3108:68: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
graphText(node->organism, x + node->branchlen*treeScale + 2 + strlen(node->name), y-0.5);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:3111:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int pos = x + node->branchlen*treeScale + strlen(node->name);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:3737:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
node[i]->name = messalloc(strlen(arrp(Align, i, ALN)->name)+50);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:4032:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
arrp(Aligntmp, i, ALN)->seq = messalloc(strlen(arrp(Align, i, ALN)->seq)+1);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:4103:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((len=strlen(messprintf("%.1f", arrp(Align, i, ALN)->score))) > maxScoreLen) maxScoreLen = len;
data/acedb-4.9.39+dfsg.02/w9/belvu.c:4358:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
aln.len = strlen(seq);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:4403:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
filesize += strlen(line);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:4420:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
seqp += strlen(seqp);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:4483:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(aln->name, cp, MAXNAMESIZE);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:4498:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sscanf(cp + strlen(aln->name),
data/acedb-4.9.39+dfsg.02/w9/belvu.c:4502:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sscanf(cp + strlen(aln->name),
data/acedb-4.9.39+dfsg.02/w9/belvu.c:4506:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(aln->name)+strlen(GRfeat)+1 > MAXNAMESIZE)
data/acedb-4.9.39+dfsg.02/w9/belvu.c:4506:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(aln->name)+strlen(GRfeat)+1 > MAXNAMESIZE)
data/acedb-4.9.39+dfsg.02/w9/belvu.c:4508:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(aln->name, " ");
data/acedb-4.9.39+dfsg.02/w9/belvu.c:4509:2: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(aln->name, GRfeat, MAXNAMESIZE-strlen(aln->name));
data/acedb-4.9.39+dfsg.02/w9/belvu.c:4509:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(aln->name, GRfeat, MAXNAMESIZE-strlen(aln->name));
data/acedb-4.9.39+dfsg.02/w9/belvu.c:4537:20: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!isspace(ch = fgetc(pipe))) {
data/acedb-4.9.39+dfsg.02/w9/belvu.c:4573:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (line);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:4622:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(cp+alnstart);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:4803:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(aln.name, cp, MAXNAMESIZE);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:4820:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
scoreLen = strlen(messprintf("%.1f", aln.score));
data/acedb-4.9.39+dfsg.02/w9/belvu.c:4864:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (maxNameLen < strlen(alnp->name)) maxNameLen = strlen(alnp->name);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:4864:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (maxNameLen < strlen(alnp->name)) maxNameLen = strlen(alnp->name);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:4865:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (maxStartLen < (tmp = strlen(messprintf("%d", alnp->start)))) maxStartLen = tmp;
data/acedb-4.9.39+dfsg.02/w9/belvu.c:4866:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (maxEndLen < (tmp = strlen(messprintf("%d", alnp->end)))) maxEndLen = tmp;
data/acedb-4.9.39+dfsg.02/w9/belvu.c:4884:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
v[*argc] = (char *)malloc(strlen(s)+1);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5006:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
usage = messalloc(strlen(usageText) + strlen(belvuVersion) + strlen(cc_date) + 20);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5006:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
usage = messalloc(strlen(usageText) + strlen(belvuVersion) + strlen(cc_date) + 20);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5006:66: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
usage = messalloc(strlen(usageText) + strlen(belvuVersion) + strlen(cc_date) + 20);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5019:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
colorCodesFile = messalloc(strlen(optarg+1));
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5022:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
markupColorCodesFile = messalloc(strlen(optarg+1));
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5025:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
readMatchFile = messalloc(strlen(optarg)+1);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5031:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(OrganismLabel, optarg, 2); break;
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5033:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
output_format = messalloc(strlen(optarg)+1);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5058:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
scoreFile = messalloc(strlen(optarg)+1);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5094:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(Title, optarg, 255); break;
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5116:15: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (!*Title) strncpy(Title, argv[optind], 255);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5117:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fileName, argv[optind], FIL_BUFFER_SIZE);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5903:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(aa, aceInWord(ace_in), 63);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5904:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(col, aceInWord(ace_in), 63);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5914:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(colors, " ");
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5950:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (len = strlen (line))
data/acedb-4.9.39+dfsg.02/w9/belvu.c:6017:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(title, aceInWord(wrap_in), 255);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:6395:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(labelseq) > seqlen)
data/acedb-4.9.39+dfsg.02/w9/belvu.c:6398:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(labelseq), seqlen));
data/acedb-4.9.39+dfsg.02/w9/belvu.c:6399:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(labelseq) < seqlen) {
data/acedb-4.9.39+dfsg.02/w9/belvu.c:6402:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(labelseq), seqlen));
data/acedb-4.9.39+dfsg.02/w9/belvu.c:7015:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
linecopy = messalloc(strlen(line)+1);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:7129:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(aln.name, line, MAXNAMESIZE);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:7132:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (maxNameLen < strlen(aln.name)) maxNameLen = strlen(aln.name);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:7132:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (maxNameLen < strlen(aln.name)) maxNameLen = strlen(aln.name);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:7137:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((len=strlen(cp)) > maxStartLen) maxStartLen = len;
data/acedb-4.9.39+dfsg.02/w9/belvu.c:7138:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (maxStartLen < (tmp = strlen(messprintf("%d", aln.start)))) maxStartLen = tmp;
data/acedb-4.9.39+dfsg.02/w9/belvu.c:7142:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((len=strlen(cp)) > maxEndLen) maxEndLen = len;
data/acedb-4.9.39+dfsg.02/w9/belvu.c:7143:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (maxEndLen < (tmp = strlen(messprintf("%d", aln.end)))) maxEndLen = tmp;
data/acedb-4.9.39+dfsg.02/w9/belvu.c:7154:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((len=strlen(messprintf("%.1f", aln.score))) > maxScoreLen) maxScoreLen = len;
data/acedb-4.9.39+dfsg.02/w9/belvu.c:7160:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rawseq = messalloc(strlen(line)+1);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:7180:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(seqp, rawseq, seglen);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:7197:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(seqp, rawseq + seg->qend, Query_gap);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:7215:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(seqp, rawseq + seg->qstart-1, seglen);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:7222:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
aln.len = strlen(seq);
data/acedb-4.9.39+dfsg.02/w9/blxmain.c:161:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
usage = messalloc(strlen(usageText) + strlen(blixemVersion) + 10) ;
data/acedb-4.9.39+dfsg.02/w9/blxmain.c:161:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
usage = messalloc(strlen(usageText) + strlen(blixemVersion) + 10) ;
data/acedb-4.9.39+dfsg.02/w9/blxmain.c:195:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(opts, ' ', strlen(opts)) ;
data/acedb-4.9.39+dfsg.02/w9/blxmain.c:197:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0 ; i < strlen(optarg) ; i++)
data/acedb-4.9.39+dfsg.02/w9/blxmain.c:290:19: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((ch = fgetc(seqfile)) != '\n') {
data/acedb-4.9.39+dfsg.02/w9/blxmain.c:314:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(qname, line+1, 255);
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:114:15: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((ch = fgetc(seqfile)) != '\n') {
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:133:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(qname, line+1, 255); qname[255]=0;
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:194:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s2 = messalloc(strlen(s)+1);
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:225:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp += strlen(s2)+1;
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:227:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msp->desc = messalloc(strlen(cp)+1);
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:237:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msp->sseq = messalloc(strlen(seq)+1);
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:247:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msp->sseq = messalloc(msp->sstart+strlen(seq)+1);
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:283:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msp->sname = messalloc(strlen(sname)+1);
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:301:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
src = messalloc(strlen(msp->sname)+1);
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:311:8: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(msp->sname, ":");
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:325:8: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(msp->sname, ":");
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:337:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
seq_pos = cp + strlen(sname) ;
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:497:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fs.name = messalloc(strlen(series)+1);
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:555:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(line))
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:667:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (readseqcount + strlen(line) > maxseqlen)
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:670:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
maxseqlen += MAXLINE + strlen(line);
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:678:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
readseqcount += strlen(line);
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:748:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msp->qname = messalloc(strlen(qname)+1);
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:750:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msp->sname = messalloc(strlen(sname)+1);
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:781:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msp->qname = messalloc(strlen(qname)+1);
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:784:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msp->sname = messalloc(strlen(series)+1);
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:819:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msp->qname = messalloc(strlen(qname)+1);
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:822:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msp->sname = messalloc(strlen(series)+1);
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:825:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msp->desc = messalloc(strlen(series)+1);
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:853:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
seqlen = strlen(*seq1);
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:859:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
seqlen = strlen(*seq2);
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:875:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msp->qname = messalloc(strlen(qname)+1);
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:878:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msp->sname = messalloc(strlen(series)+1);
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:922:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (text) ;
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:1064:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
line_end = strlen(&buffer[0]) - 1 ;
data/acedb-4.9.39+dfsg.02/w9/blxselect.c:118:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(seqfilename, name, MAXLINE);
data/acedb-4.9.39+dfsg.02/w9/blxselect.c:121:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(HSPfilename, name, MAXLINE);
data/acedb-4.9.39+dfsg.02/w9/blxselect.c:124:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(qname, name, MAXLINE);
data/acedb-4.9.39+dfsg.02/w9/blxselect.c:240:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(text);
data/acedb-4.9.39+dfsg.02/w9/blxselect.c:337:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
usage = messalloc(strlen(usageText) + strlen(blixelectVersion) + strlen(cc_date) + 20);
data/acedb-4.9.39+dfsg.02/w9/blxselect.c:337:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
usage = messalloc(strlen(usageText) + strlen(blixelectVersion) + strlen(cc_date) + 20);
data/acedb-4.9.39+dfsg.02/w9/blxselect.c:337:70: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
usage = messalloc(strlen(usageText) + strlen(blixelectVersion) + strlen(cc_date) + 20);
data/acedb-4.9.39+dfsg.02/w9/blxview.c:993:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(message, msp->sname, 1023);
data/acedb-4.9.39+dfsg.02/w9/blxview.c:996:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(message, " ");
data/acedb-4.9.39+dfsg.02/w9/blxview.c:997:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(message, msp->desc, 1023-strlen(message));
data/acedb-4.9.39+dfsg.02/w9/blxview.c:997:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(message, msp->desc, 1023-strlen(message));
data/acedb-4.9.39+dfsg.02/w9/blxview.c:1005:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(message, bpmsp->sname, 1023);
data/acedb-4.9.39+dfsg.02/w9/blxview.c:1008:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(message, " ");
data/acedb-4.9.39+dfsg.02/w9/blxview.c:1009:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(message, bpmsp->desc, 1023-strlen(message));
data/acedb-4.9.39+dfsg.02/w9/blxview.c:1009:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(message, bpmsp->desc, 1023-strlen(message));
data/acedb-4.9.39+dfsg.02/w9/blxview.c:1555:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
qlen = actend = strlen(q) ;
data/acedb-4.9.39+dfsg.02/w9/blxview.c:1611:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
BigPictZoom = strlen(seq); break;
data/acedb-4.9.39+dfsg.02/w9/blxview.c:2702:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
seq_len = strlen(msp->sseq) ;
data/acedb-4.9.39+dfsg.02/w9/blxview.c:2954:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(aux2, q+end-1, start-end+1);
data/acedb-4.9.39+dfsg.02/w9/blxview.c:3175:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (start < 1 || end < 1 || start > strlen(q) || end > strlen(q))
data/acedb-4.9.39+dfsg.02/w9/blxview.c:3175:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (start < 1 || end < 1 || start > strlen(q) || end > strlen(q))
data/acedb-4.9.39+dfsg.02/w9/blxview.c:3178:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
start, end, strlen(q));
data/acedb-4.9.39+dfsg.02/w9/blxview.c:3185:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(query, q+start-1, end-start+1);
data/acedb-4.9.39+dfsg.02/w9/blxview.c:3194:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(auxseq, q+start-1, end-start+1);
data/acedb-4.9.39+dfsg.02/w9/blxview.c:3199:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(auxseq2, q+end-1, start-end+1);
data/acedb-4.9.39+dfsg.02/w9/blxview.c:3208:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
query = messalloc(strlen(auxseq)+1);
data/acedb-4.9.39+dfsg.02/w9/blxview.c:3258:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msp->sseq = messalloc(strlen(seq_buf)+1);
data/acedb-4.9.39+dfsg.02/w9/blxview.c:3276:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(msp->sseq);
data/acedb-4.9.39+dfsg.02/w9/blxview.c:3329:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
result = messalloc(strlen(seq_buf)+1) ;
data/acedb-4.9.39+dfsg.02/w9/blxview.c:3397:10: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
*cp++ = fgetc(pipe);
data/acedb-4.9.39+dfsg.02/w9/blxview.c:3399:2: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fgetc(pipe);
data/acedb-4.9.39+dfsg.02/w9/blxview.c:3419:12: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
*cp++ = fgetc(pipe);
data/acedb-4.9.39+dfsg.02/w9/blxview.c:3707:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(queryname, abbrev, NAMESIZE) ;
data/acedb-4.9.39+dfsg.02/w9/blxview.c:3922:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(searchSeq, aceInWord(string_in), NAMESIZE+3);
data/acedb-4.9.39+dfsg.02/w9/blxview.c:3929:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dfault, searchSeq, 63);
data/acedb-4.9.39+dfsg.02/w9/blxview.c:4054:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
extend = strlen(*dottersseq_out) - send;
data/acedb-4.9.39+dfsg.02/w9/blxview.c:4165:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dottersseq = messalloc(strlen(msp->sseq)+1);
data/acedb-4.9.39+dfsg.02/w9/blxview.c:4190:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dotterqname, qname_G, NAMESIZE);
data/acedb-4.9.39+dfsg.02/w9/blxview.c:4285:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dotterqname, qname_G, NAMESIZE);
data/acedb-4.9.39+dfsg.02/w9/blxview.c:4296:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dottersseq = messalloc(strlen(queryseq)+1);
data/acedb-4.9.39+dfsg.02/w9/blxview.c:4317:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dotterqname, qname_G, NAMESIZE);
data/acedb-4.9.39+dfsg.02/w9/blxview.c:4339:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dotterqname, aceInWord(params_in), NAMESIZE);
data/acedb-4.9.39+dfsg.02/w9/blxview.c:4957:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(text) ;
data/acedb-4.9.39+dfsg.02/w9/blxview.c:5066:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
text_len = strlen(text) ;
data/acedb-4.9.39+dfsg.02/w9/blxview.c:5081:16: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
result = strncpy(result, text, head_bytes) ;
data/acedb-4.9.39+dfsg.02/w9/blxview.c:5083:7: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy((result + head_bytes), "") ;
data/acedb-4.9.39+dfsg.02/w9/dbidx.c:85:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for ( i=0, j=0; i<= strlen(src); i++ )
data/acedb-4.9.39+dfsg.02/w9/dbidx.c:261:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(i=0; i<strlen(buff); i++)
data/acedb-4.9.39+dfsg.02/w9/dbidx.c:283:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(i=0; i<strlen(buff); i++)
data/acedb-4.9.39+dfsg.02/w9/dbidx.c:311:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(TITLEline, " ");
data/acedb-4.9.39+dfsg.02/w9/dbidx.c:348:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy( &TITLEline[strlen(TITLEline) - 1], &buff[16] );
data/acedb-4.9.39+dfsg.02/w9/dbidx.c:352:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for ( i=0; i< strlen(TITLEline); i++ )
data/acedb-4.9.39+dfsg.02/w9/dbidx.c:381:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(TITLEline, " ");
data/acedb-4.9.39+dfsg.02/w9/dbidx.c:414:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy_noCR( TITLEline + strlen(TITLEline) - 1, &buff[12] );
data/acedb-4.9.39+dfsg.02/w9/dbidx.c:418:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0; i< strlen(TITLEline); i++) TITLEline[i] = toupper(TITLEline[i]);
data/acedb-4.9.39+dfsg.02/w9/dbidx.c:438:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(TITLEline, " ");
data/acedb-4.9.39+dfsg.02/w9/dbidx.c:473:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy_noCR( &TITLEline[strlen(TITLEline) - 1], &buff[4] );
data/acedb-4.9.39+dfsg.02/w9/dbidx.c:544:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=10 ; i< strlen(buff) - 22; i += 10)
data/acedb-4.9.39+dfsg.02/w9/dbidx.c:547:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pads[10 - strlen(ichar)] = '\0';
data/acedb-4.9.39+dfsg.02/w9/dbidx.c:550:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0; i < (strlen(buff) - 22) % 10; i++) printf("-");
data/acedb-4.9.39+dfsg.02/w9/dbidx.c:627:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0; i<strlen(name); i++) if (isspace(name[i])) name[i] = '\0';
data/acedb-4.9.39+dfsg.02/w9/dbidx.c:631:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0; i<strlen(name); i++) name[i] = tolower(name[i]);
data/acedb-4.9.39+dfsg.02/w9/dbidx.c:663:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
qlen = strlen(query);
data/acedb-4.9.39+dfsg.02/w9/dbidx.c:664:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
matchlen = ( Exact_match ? max(strlen(posname), qlen) : qlen );
data/acedb-4.9.39+dfsg.02/w9/dbidx.c:669:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (search) printf("%d %s %d %d\n", pos, posname, strlen(posname), qlen);
data/acedb-4.9.39+dfsg.02/w9/dbidx.c:686:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (search) printf("%d %s %d %d\n", pos, posname, strlen(posname), qlen);
data/acedb-4.9.39+dfsg.02/w9/diskdump.c:78:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while((n=read(readblockfile,vp,size))!=size)
data/acedb-4.9.39+dfsg.02/w9/dotter.c:589:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MNlen = MNlenSave = strlen(MATRIX_NAME);
data/acedb-4.9.39+dfsg.02/w9/dotter.c:882:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pepqseqlen = strlen(pepqseq[frame]);
data/acedb-4.9.39+dfsg.02/w9/dotter.c:2182:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
1+margin+strlen(arrp(fsArr, i, FEATURESERIES)->name),
data/acedb-4.9.39+dfsg.02/w9/dotter.c:2539:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path = messalloc(strlen(getenv("PATH"))+1);
data/acedb-4.9.39+dfsg.02/w9/dotter.c:2547:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(file,"/");
data/acedb-4.9.39+dfsg.02/w9/dotter.c:3050:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bannerPos = (strlen(banner)*fontw < qlen ? LeftBorder : 10);
data/acedb-4.9.39+dfsg.02/w9/dotter.c:3199:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
qname = messalloc(strlen(queryname)+1); strcpy(qname, queryname);
data/acedb-4.9.39+dfsg.02/w9/dotter.c:3203:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sname = messalloc(strlen(subjectname)+1); strcpy(sname, subjectname);
data/acedb-4.9.39+dfsg.02/w9/dotter.c:3209:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!(qlen = strlen(qseq))) fatal("queryseq is empty");
data/acedb-4.9.39+dfsg.02/w9/dotter.c:3210:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!(slen = strlen(sseq))) fatal("subjectseq is empty");
data/acedb-4.9.39+dfsg.02/w9/dotter.c:3236:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(MATRIX_NAME, mtxfile, 80);
data/acedb-4.9.39+dfsg.02/w9/dotter.c:3419:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
v[*argc] = (char *)malloc(strlen(s)+1);
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:112:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msp->qname = messalloc(strlen(name)+1);
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:115:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msp->desc = messalloc(strlen(desc)+1);
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:230:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
usage = messalloc(strlen(usageText) + strlen(dotterVersion) + strlen(cc_date) + 20);
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:230:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
usage = messalloc(strlen(usageText) + strlen(dotterVersion) + strlen(cc_date) + 20);
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:230:67: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
usage = messalloc(strlen(usageText) + strlen(dotterVersion) + strlen(cc_date) + 20);
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:248:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
savefile = messalloc(strlen(optarg)+1);
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:253:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
FSfilename = messalloc(strlen(optarg)+1);
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:257:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
FSfilename = messalloc(strlen(optarg)+1);
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:262:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
loadfile = messalloc(strlen(optarg)+1);
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:265:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mtxfile = messalloc(strlen(optarg)+1);
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:280:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
qname = messalloc(strlen(argv[optind])+1); strcpy(qname, argv[optind]);
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:282:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sname = messalloc(strlen(argv[optind+2])+1); strcpy(sname, argv[optind+2]);
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:284:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dotterBinary = messalloc(strlen(argv[optind+4])+1);
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:288:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
winsize = messalloc(strlen(optarg)+1);
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:307:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(argv[i])+1;
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:313:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(Xoptions, " ");
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:420:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
qname = messalloc(strlen(cq)+1); strNamecpy(qname, cq);
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:421:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
firstdesc = messalloc(strlen(cq)+1);
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:434:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
qname = messalloc(strlen(qfilename)+1); strcpy(qname, qfilename);
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:461:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sname = messalloc(strlen(cq)+1); strNamecpy(sname, cq);
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:462:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
firstdesc = messalloc(strlen(cq)+1);
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:475:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sname = messalloc(strlen(sfilename)+1); strcpy(sname, sfilename);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:49:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(dbsource, "S");
data/acedb-4.9.39+dfsg.02/w9/efetch.c:55:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(dbsource, "P");
data/acedb-4.9.39+dfsg.02/w9/efetch.c:61:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(dbsource, "W");
data/acedb-4.9.39+dfsg.02/w9/efetch.c:68:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(dbsource, "E");
data/acedb-4.9.39+dfsg.02/w9/efetch.c:74:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(dbsource, "G");
data/acedb-4.9.39+dfsg.02/w9/efetch.c:80:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(dbsource, "D");
data/acedb-4.9.39+dfsg.02/w9/efetch.c:86:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(dbsource, "R");
data/acedb-4.9.39+dfsg.02/w9/efetch.c:193:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!(help = malloc(strlen(helpText) + 102))) {
data/acedb-4.9.39+dfsg.02/w9/efetch.c:198:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(help, cc_date, 100);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:199:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(help, "\n");
data/acedb-4.9.39+dfsg.02/w9/efetch.c:225:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(idxfile, optarg, MAXFILE); break;
data/acedb-4.9.39+dfsg.02/w9/efetch.c:235:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dbdir, optarg, MAXFILE); break;
data/acedb-4.9.39+dfsg.02/w9/efetch.c:242:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dbfile, optarg, MAXFILE); break;
data/acedb-4.9.39+dfsg.02/w9/efetch.c:247:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!(help = malloc(strlen(helpText) + 102))) {
data/acedb-4.9.39+dfsg.02/w9/efetch.c:252:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(help, cc_date, 100);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:253:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(help, "\n");
data/acedb-4.9.39+dfsg.02/w9/efetch.c:264:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(divfile, optarg, MAXFILE); break;
data/acedb-4.9.39+dfsg.02/w9/efetch.c:288:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(customName, optarg, MAXFILE); break;
data/acedb-4.9.39+dfsg.02/w9/efetch.c:295:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!(usage = malloc(strlen(usageText) + 102))) {
data/acedb-4.9.39+dfsg.02/w9/efetch.c:300:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(usage, cc_date, 102);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:301:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(usage, "\n");
data/acedb-4.9.39+dfsg.02/w9/efetch.c:312:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0; i<strlen(query); i++) query[i] = toupper(query[i]);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:319:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0; i<strlen(dbsource); i++) dbsource[i] = toupper(dbsource[i]);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:383:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(dbsource, "W");
data/acedb-4.9.39+dfsg.02/w9/efetch.c:388:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strchr(query, '_') || strlen(query) < 5 ) swissprot();
data/acedb-4.9.39+dfsg.02/w9/embl.c:253:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (ix + strlen (cp) > 70)
data/acedb-4.9.39+dfsg.02/w9/embl.c:260:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ix += strlen(cp) ;
data/acedb-4.9.39+dfsg.02/w9/embl.c:668:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(featText, cp, 15) ; /* RD 010619 - to avoid shared buffer problems */
data/acedb-4.9.39+dfsg.02/w9/embl.c:1360:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ if (strlen(name(key)) > 60)
data/acedb-4.9.39+dfsg.02/w9/embl.c:1364:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(stackText (text,0)) + strlen(name(key)) + 3 > 65)
data/acedb-4.9.39+dfsg.02/w9/embl.c:1364:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(stackText (text,0)) + strlen(name(key)) + 3 > 65)
data/acedb-4.9.39+dfsg.02/w9/embl.c:1401:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (ix + strlen (cp) > 70)
data/acedb-4.9.39+dfsg.02/w9/embl.c:1408:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ix += strlen(cp) ;
data/acedb-4.9.39+dfsg.02/w9/embl.c:1416:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (ix + strlen (cp) > 70)
data/acedb-4.9.39+dfsg.02/w9/embl.c:1423:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ix += strlen(cp) ;
data/acedb-4.9.39+dfsg.02/w9/embl.c:1446:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (cq, dateString, 11) ;
data/acedb-4.9.39+dfsg.02/w9/fetch.c:45:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(dbsource, "S");
data/acedb-4.9.39+dfsg.02/w9/fetch.c:51:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(dbsource, "P");
data/acedb-4.9.39+dfsg.02/w9/fetch.c:57:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(dbsource, "W");
data/acedb-4.9.39+dfsg.02/w9/fetch.c:65:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(dbsource, "E");
data/acedb-4.9.39+dfsg.02/w9/fetch.c:71:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(dbsource, "G");
data/acedb-4.9.39+dfsg.02/w9/fetch.c:77:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(dbsource, "D");
data/acedb-4.9.39+dfsg.02/w9/fetch.c:85:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(dbsource, "R");
data/acedb-4.9.39+dfsg.02/w9/fetch.c:218:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0; i<strlen(query); i++) query[i] = toupper(query[i]);
data/acedb-4.9.39+dfsg.02/w9/fetch.c:221:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0; i<strlen(dbsource); i++) dbsource[i] = toupper(dbsource[i]);
data/acedb-4.9.39+dfsg.02/w9/fetch.c:284:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(dbsource, "W");
data/acedb-4.9.39+dfsg.02/w9/fetch.c:289:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strchr(query, '_') || strlen(query) < 5 ) swissprot();
data/acedb-4.9.39+dfsg.02/w9/gfcode.c:465:16: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
do { c = fgetc(fp); } while (c != '\n' && c != EOF);
data/acedb-4.9.39+dfsg.02/w9/gfcode.c:869:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen (dna) ;
data/acedb-4.9.39+dfsg.02/w9/gfcode.c:925:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
{ strncpy(fileName, cp, MAXSTRLEN - 1) ;
data/acedb-4.9.39+dfsg.02/w9/gfcode.c:1035:8: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = fgetc(fp);
data/acedb-4.9.39+dfsg.02/w9/gmapdatacol.c:455:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (buf, messprintf ("2point %s: %s %s: %s",
data/acedb-4.9.39+dfsg.02/w9/gmapdatacol.c:475:2: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat (buf, messprintf (" [%.2f, %.2f, %.2f]",
data/acedb-4.9.39+dfsg.02/w9/gmapdatacol.c:476:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lo, best, hi), 127 - strlen(buf)) ;
data/acedb-4.9.39+dfsg.02/w9/gmapdatacol.c:909:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(buff, name(seg->key), 6);
data/acedb-4.9.39+dfsg.02/w9/gmapdatacol.c:910:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buff) != strlen(name(seg->key)))
data/acedb-4.9.39+dfsg.02/w9/gmapdatacol.c:910:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buff) != strlen(name(seg->key)))
data/acedb-4.9.39+dfsg.02/w9/gmapdatacol.c:912:4: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(buff, name(seg->key), 4);
data/acedb-4.9.39+dfsg.02/w9/gmapphys.c:248:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(look->messageText, name(seg->key), 100);
data/acedb-4.9.39+dfsg.02/w9/gmapphys.c:464:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(look->messageText, name(seg->key), 100);
data/acedb-4.9.39+dfsg.02/w9/readseq.c:71:7: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = fgetc (fil) ;
data/acedb-4.9.39+dfsg.02/w9/readseq.c:73:11: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
{ c = fgetc(fil) ;
data/acedb-4.9.39+dfsg.02/w9/readseq.c:79:8: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = fgetc (fil) ;
data/acedb-4.9.39+dfsg.02/w9/readseq.c:85:6: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = fgetc (fil) ;
data/acedb-4.9.39+dfsg.02/w9/readseq.c:91:8: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = fgetc (fil) ;
data/acedb-4.9.39+dfsg.02/w9/readseq.c:112:11: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
{ c = fgetc (fil) ;
data/acedb-4.9.39+dfsg.02/w9/translate.c:72:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((aaseq = (char *) messalloc (strlen(seq) + 1)) == NULL)
data/acedb-4.9.39+dfsg.02/w9/translate.c:96:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
aaptr += strlen(code[codon]);
data/acedb-4.9.39+dfsg.02/w9/translate.c:122:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bases = strlen(seq);
data/acedb-4.9.39+dfsg.02/w9/translate.c:163:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (pos = 0; pos < strlen(seq); pos++)
data/acedb-4.9.39+dfsg.02/w9/vmapdata2.c:1840:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (buf, messprintf ("2point %s: %s %s: %s",
data/acedb-4.9.39+dfsg.02/w9/vmapdata2.c:1854:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat (buf, messprintf (" [%.2f, %.2f, %.2f]",
data/acedb-4.9.39+dfsg.02/w9/vmapdata2.c:1855:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lo, best, hi), 127 - strlen(buf)) ;
data/acedb-4.9.39+dfsg.02/w9/vmapphys.c:169:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bumpItem (bump, strlen(name(seg->key))+1, 1.0, &ix, &y) ;
data/acedb-4.9.39+dfsg.02/wabi/abifix.c:808:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (buf, name(key), 254) ;
data/acedb-4.9.39+dfsg.02/wabi/abifix.c:814:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cq = cp + strlen(cp) ;
data/acedb-4.9.39+dfsg.02/wabi/abifix.c:850:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (buf, cp,298) ;
data/acedb-4.9.39+dfsg.02/wabi/abifix.c:924:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (buf, name(keySet(aa,0)), 99) ;
data/acedb-4.9.39+dfsg.02/wabi/annot.c:108:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (note->tagName && strlen(note->tagName))
data/acedb-4.9.39+dfsg.02/wabi/annot.c:120:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (note->u.s, cp, note->length) ;
data/acedb-4.9.39+dfsg.02/wabi/annot.c:226:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
graphText (timeShow (note->u.time), 5 + strlen(note->title), line++) ;
data/acedb-4.9.39+dfsg.02/wabi/basecall.c:248:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (buf, "\n") ;
data/acedb-4.9.39+dfsg.02/wabi/basecall.c:780:38: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
extern Array ctfDecorrelate (Read *read, int predictionMode) ; /* do not put in .h, this is a test code */
data/acedb-4.9.39+dfsg.02/wabi/basecall.c:1014:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen (cq) ;
data/acedb-4.9.39+dfsg.02/wabi/basecall.c:1015:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (i && strlen (cp) > i && !strncmp (cp, cq, i) &&
data/acedb-4.9.39+dfsg.02/wabi/basecall.c:1148:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp = name(key) + strlen (name(key)) ;
data/acedb-4.9.39+dfsg.02/wabi/basecall.c:3707:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp = buf + strlen(buf) ;
data/acedb-4.9.39+dfsg.02/wabi/basecall.c:3710:4: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(cp + 1) &&
data/acedb-4.9.39+dfsg.02/wabi/basecall.c:3711:4: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(cp) < 12
data/acedb-4.9.39+dfsg.02/wabi/basecall.c:3716:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp = buf1 + strlen(buf1) ;
data/acedb-4.9.39+dfsg.02/wabi/basecall.c:3719:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(cp + 1) &&
data/acedb-4.9.39+dfsg.02/wabi/basecall.c:3720:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(cp) < 12 &&
data/acedb-4.9.39+dfsg.02/wabi/basecall.c:3768:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (ctf, cp, 100) ;
data/acedb-4.9.39+dfsg.02/wabi/basecall.c:3770:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (scf, cp, 100) ;
data/acedb-4.9.39+dfsg.02/wabi/fmaptrace.c:499:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (look->segTextBuf, stackText(s,0), 125) ;
data/acedb-4.9.39+dfsg.02/wabi/fmaptrace.c:3047:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp = name(seg->key) ; j = strlen (cp) ; cp += j ;
data/acedb-4.9.39+dfsg.02/wabi/fmaptrace.c:3050:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen (cp) ;
data/acedb-4.9.39+dfsg.02/wabi/fmaptrace.c:3260:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (buf, name(key), 254) ; buf[255] = 0 ;
data/acedb-4.9.39+dfsg.02/wabi/fmaptrace.c:3261:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp = buf + strlen(buf) - 1 ;
data/acedb-4.9.39+dfsg.02/wabi/fmaptrace.c:3276:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (bb, messprintf("%s%d", cr, i), 127) ;
data/acedb-4.9.39+dfsg.02/wabi/fmaptrace.c:3291:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (buf, cp, 127) ;
data/acedb-4.9.39+dfsg.02/wabi/fmaptrace.c:3296:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (buf, name(key), 127) ;
data/acedb-4.9.39+dfsg.02/wabi/geneannot.c:512:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
x += strlen(seg->title) + 3 ;
data/acedb-4.9.39+dfsg.02/wabi/geneannot.c:537:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
x += strlen(seg->title) + 3 ;
data/acedb-4.9.39+dfsg.02/wabi/geneannot.c:550:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
x += strlen(seg->title2) + 3 ;
data/acedb-4.9.39+dfsg.02/wabi/geneannot.c:623:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
seg->nn = strlen (name (cosmid) + 2) ;
data/acedb-4.9.39+dfsg.02/wabi/geneannot.c:628:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
seg2->nn = strlen (name (cosmid) + 2) ;
data/acedb-4.9.39+dfsg.02/wabi/geneannot.c:758:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
seg->nn = strlen(name(clone)) ;
data/acedb-4.9.39+dfsg.02/wabi/geneannot.c:788:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
seg->nn = strlen(name(clone)) ;
data/acedb-4.9.39+dfsg.02/wabi/geneannot.c:834:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
seg->nn = strlen (cq) + 4 ;
data/acedb-4.9.39+dfsg.02/wabi/geneannot.c:898:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nn = strlen (stackText (s, 0)) % 4 ;
data/acedb-4.9.39+dfsg.02/wabi/geneannot.c:902:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
seg->nn = strlen (stackText (s, 0)) ;
data/acedb-4.9.39+dfsg.02/wabi/geneannot.c:946:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (seg->buf, cp, len) ;
data/acedb-4.9.39+dfsg.02/wabi/geneannot.c:1036:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (seg->buf, cr + j, len) ;
data/acedb-4.9.39+dfsg.02/wabi/intron2.c:66:20: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
s[0] = (char)getc(fep);
data/acedb-4.9.39+dfsg.02/wabi/intron2.c:70:21: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
s[0] = (char)getc(fep);
data/acedb-4.9.39+dfsg.02/wabi/intron2.c:72:20: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
s[0] = (char)getc(fep);
data/acedb-4.9.39+dfsg.02/wabi/intron2.c:89:19: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
s[0] = (char)getc(fep);
data/acedb-4.9.39+dfsg.02/wabi/intron2.c:1989:18: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
s[0] = (char)getc(fseq);
data/acedb-4.9.39+dfsg.02/wabi/intron2.c:1993:19: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
s[0] = (char)getc(fseq);
data/acedb-4.9.39+dfsg.02/wabi/intron2.c:1995:21: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
s[0] = (char)getc(fseq);
data/acedb-4.9.39+dfsg.02/wabi/intron2.c:2010:22: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
s[0] = (char)getc(fseq);
data/acedb-4.9.39+dfsg.02/wabi/intron2.c:2084:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lnom=strlen(nom);
data/acedb-4.9.39+dfsg.02/wabi/saucisse.c:345:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(cp) ;
data/acedb-4.9.39+dfsg.02/wabi/saucisse.c:347:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
arrayMax(test) = strlen(cp) ;
data/acedb-4.9.39+dfsg.02/wabi/trace.c:2283:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
graphText (cp, x - strlen(cp) + 1.9, y - 2.3) ;
data/acedb-4.9.39+dfsg.02/wabi/trace.c:3783:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*offset += .5 + ( cp ? strlen(cp) : 0 );
data/acedb-4.9.39+dfsg.02/wac/acclient.c:647:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen ((char *) (p->buffer+p->cursor)) ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:1166:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
command = messalloc (30 + strlen (new_class) + strlen (new_name)) ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:1166:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
command = messalloc (30 + strlen (new_class) + strlen (new_name)) ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:1424:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen ((char *)cp) ; nn -= n + 1 ; cp += n + 1 ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:1602:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char * command = halloc (strlen (query) + 100, 0) ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:1654:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char * command = halloc (strlen (query) + strlen (params) + 100, 0) ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:1654:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char * command = halloc (strlen (query) + strlen (params) + 100, 0) ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:1836:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buff = messalloc (20 + (query ? strlen (query) : 10)) ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:2513:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *command = messalloc (60 + strlen (name)) ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:2544:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *command = messalloc (strlen(name)+100) ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:2735:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
* result_length = strlen ((char *)seq) ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:2781:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (cp))
data/acedb-4.9.39+dfsg.02/wac/acclient.c:2802:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (text) + 100 ;
data/acedb-4.9.39+dfsg.02/wac/acclient_acetcp.c:48:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
outgoing_transaction_send( d->out, 'n', command, strlen(command)+1);
data/acedb-4.9.39+dfsg.02/wac/acclient_acetcp.c:76:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
outgoing_transaction_send( d->out, 'e', command, strlen(command)+1);
data/acedb-4.9.39+dfsg.02/wac/acclient_acetcp.c:78:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
outgoing_transaction_send( d->out, 't', command, strlen(command)+1);
data/acedb-4.9.39+dfsg.02/wac/acclient_acetcp.c:232:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dyn_error,(char *)acetcp_rp+1, 199);
data/acedb-4.9.39+dfsg.02/wac/acclient_socket_lib.c:323:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
connection->last_errmsg = malloc(strlen(msg1) + strlen(msg2) + 2);
data/acedb-4.9.39+dfsg.02/wac/acclient_socket_lib.c:323:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
connection->last_errmsg = malloc(strlen(msg1) + strlen(msg2) + 2);
data/acedb-4.9.39+dfsg.02/wac/acclient_socket_lib.c:325:1: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(connection->last_errmsg, " ");
data/acedb-4.9.39+dfsg.02/wac/acclient_socket_lib.c:519:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int n = strlen(connection->userid) + strlen(hash_nonce) + 2;
data/acedb-4.9.39+dfsg.02/wac/acclient_socket_lib.c:519:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int n = strlen(connection->userid) + strlen(hash_nonce) + 2;
data/acedb-4.9.39+dfsg.02/wac/acclient_socket_lib.c:776:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bytes = read(fd, readbuf, *bytes_pending_inout) ;
data/acedb-4.9.39+dfsg.02/wac/acclient_socket_lib.c:1015:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msg->proto_hdr.length = strlen(message) + 1 ;
data/acedb-4.9.39+dfsg.02/wac/acclient_socket_lib.c:1374:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MD5Update(&Md5Ctx, (unsigned char *)strings[i], strlen(strings[i])) ;
data/acedb-4.9.39+dfsg.02/wac/accmd.c:62:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
prompt=halloc(strlen(dbname)+20, 0);
data/acedb-4.9.39+dfsg.02/wac/acctest.c:810:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen((char*)s) != len && strlen((char*)s) != len - 1)
data/acedb-4.9.39+dfsg.02/wac/acctest.c:810:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen((char*)s) != len && strlen((char*)s) != len - 1)
data/acedb-4.9.39+dfsg.02/wac/acinside.c:412:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cp = name + strlen (name) - 1 ;
data/acedb-4.9.39+dfsg.02/wac/acinside.c:427:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cp = name + strlen (name) - 1 ;
data/acedb-4.9.39+dfsg.02/wac/acinside.c:696:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(nam) < 3000)
data/acedb-4.9.39+dfsg.02/wac/acinside.c:703:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cp = messalloc (30 + strlen(class) + strlen(nam)) ;
data/acedb-4.9.39+dfsg.02/wac/acinside.c:703:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cp = messalloc (30 + strlen(class) + strlen(nam)) ;
data/acedb-4.9.39+dfsg.02/wac/acinside.c:1346:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cq += strlen (cq) ;
data/acedb-4.9.39+dfsg.02/wace/acediff.c:88:8: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
a = getc(inA) ;
data/acedb-4.9.39+dfsg.02/wace/acediff.c:89:8: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
b = getc(inB) ;
data/acedb-4.9.39+dfsg.02/wace/acediff.c:107:14: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (putc(getc(f),out) == EOF)
data/acedb-4.9.39+dfsg.02/wace/acediff.c:217:17: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ( (ch=getc(in)) != EOF)
data/acedb-4.9.39+dfsg.02/wace/acediff.c:234:17: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ( (ch=getc(in)) != EOF)
data/acedb-4.9.39+dfsg.02/wace/acediff.c:278:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((len = strlen(cp) > 1)
data/acedb-4.9.39+dfsg.02/wace/acediff.c:450:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
termPosFinal=strlen(LongTextEnd);
data/acedb-4.9.39+dfsg.02/wace/acediffsorted.c:260:16: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ( (ch=getc(buf->in)) != (unsigned char)EOF) {
data/acedb-4.9.39+dfsg.02/wace/acediffsorted.c:269:15: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((ch=getc(buf->in)) != (unsigned char)EOF) {
data/acedb-4.9.39+dfsg.02/wace/acediffsorted.c:348:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((len = strlen(cp) > 1) && cp[len-1] == '\"' && cp[len-2] != '\\')
data/acedb-4.9.39+dfsg.02/wace/acediffsorted.c:498:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
termPosFinal=strlen(LongTextEnd);
data/acedb-4.9.39+dfsg.02/wace/acediffsorted.c:513:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cq = cp + strlen(cp) - 2;
data/acedb-4.9.39+dfsg.02/wace/acediffsorted.c:528:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cq = cp + strlen(cp) - 2;
data/acedb-4.9.39+dfsg.02/wace/acesubs.c:62:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int nused = strlen(tag) + 3 ;
data/acedb-4.9.39+dfsg.02/wace/acesubs.c:72:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(text) < nleft)
data/acedb-4.9.39+dfsg.02/wace/acesubs.c:95:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tag) + strlen(*items) > 70)
data/acedb-4.9.39+dfsg.02/wace/acesubs.c:95:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tag) + strlen(*items) > 70)
data/acedb-4.9.39+dfsg.02/wace/acesubs.c:102:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ if (i + strlen (*items) > 75)
data/acedb-4.9.39+dfsg.02/wace/acesubs.c:127:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tag) + strlen(cp) > 70)
data/acedb-4.9.39+dfsg.02/wace/acesubs.c:127:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tag) + strlen(cp) > 70)
data/acedb-4.9.39+dfsg.02/wace/acesubs.c:134:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ if (i + strlen (cp) > 75)
data/acedb-4.9.39+dfsg.02/wace/homonym.c:128:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ cq = cp + strlen(cp) - 1 ;
data/acedb-4.9.39+dfsg.02/wace/makeUserPasswd.c:61:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MD5Update(&Md5Ctx, (unsigned char *)argv[1], strlen(argv[1])) ;
data/acedb-4.9.39+dfsg.02/wace/makeUserPasswd.c:62:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MD5Update(&Md5Ctx, (unsigned char *)passwd, strlen(passwd)) ;
data/acedb-4.9.39+dfsg.02/wace/makeUserPasswd.c:130:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
|| (strlen(passwd1) < 6) /* must be at least 6 chars */
data/acedb-4.9.39+dfsg.02/wace/pmapace.c:65:13: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
{ *cp = fgetc(in) ;
data/acedb-4.9.39+dfsg.02/wace/pmapace.c:94:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cloneName[kclone] = (char*) messalloc (strlen (&buffer[3]) + 1) ;
data/acedb-4.9.39+dfsg.02/wace/pmapace.c:192:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (gene,&buffer[3],8) ;
data/acedb-4.9.39+dfsg.02/wace/pmapace.c:196:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (remark,&buffer[11],40) ;
data/acedb-4.9.39+dfsg.02/wace/pmapace2.c:51:13: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
{ *cp = fgetc(in) ;
data/acedb-4.9.39+dfsg.02/wace/pmapace2.c:80:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cloneName[kclone] = (char*) messalloc (strlen (&buffer[3]) + 1) ;
data/acedb-4.9.39+dfsg.02/wace/pmapace2.c:176:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (gene,&buffer[3],8) ;
data/acedb-4.9.39+dfsg.02/wace/pmapace2.c:180:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (remark,&buffer[11],40) ;
data/acedb-4.9.39+dfsg.02/wace/removeContinuations.c:41:10: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
oldc = getchar() ;
data/acedb-4.9.39+dfsg.02/wace/removeContinuations.c:43:11: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
{ c = getchar() ;
data/acedb-4.9.39+dfsg.02/wace/removeContinuations.c:46:15: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
{ oldc = getchar () ;
data/acedb-4.9.39+dfsg.02/waql/aqldebug.c:222:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (rel[strlen(rel)-1] != ' ')
data/acedb-4.9.39+dfsg.02/waql/aqldebug.c:525:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ival += strlen(varName(inNode)) + 5;
data/acedb-4.9.39+dfsg.02/waql/aqldebug.c:527:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ival -= strlen(varName(inNode)) + 5;
data/acedb-4.9.39+dfsg.02/waql/aqldebug.c:539:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ival += strlen(varName(inNode)) + 5;
data/acedb-4.9.39+dfsg.02/waql/aqldebug.c:565:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ival += (strlen(aqlOpTypeName(inNode->op)) + 2);
data/acedb-4.9.39+dfsg.02/waql/aqldebug.c:617:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ival += strlen(varName(n->loc->definition)) ;
data/acedb-4.9.39+dfsg.02/waql/aqldebug.c:619:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ival += strlen(varName(n));
data/acedb-4.9.39+dfsg.02/waql/aqldebug.c:685:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ival += (strlen(aqlOpTypeName(inNode->op)) + 2);
data/acedb-4.9.39+dfsg.02/waql/aqldebug.c:701:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ival += strlen(messprintf(":%d", inNode->number));
data/acedb-4.9.39+dfsg.02/waql/aqldebug.c:740:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ival += strlen(varName(inNode)) + 1; /* position 'where' below the 'in' in the decl */
data/acedb-4.9.39+dfsg.02/waql/aqldebug.c:840:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ival += strlen(aqlOpTypeName(inNode->op));
data/acedb-4.9.39+dfsg.02/waql/aqldebug.c:846:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ival += strlen(aqlOpTypeName(inNode->op)) + 1;
data/acedb-4.9.39+dfsg.02/waql/aqldebug.c:848:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ival -= strlen(aqlOpTypeName(inNode->op)) + 1;
data/acedb-4.9.39+dfsg.02/waql/aqlerror.c:91:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (end >= strlen (aql->query->text))
data/acedb-4.9.39+dfsg.02/waql/aqlerror.c:92:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
end = strlen(aql->query->text) - 1 ;
data/acedb-4.9.39+dfsg.02/waql/aqlerror.c:94:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (buf, aql->query->text + start, end-start+1) ;
data/acedb-4.9.39+dfsg.02/waql/aqlerror.c:116:4: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat (aql->errorReport, startLine, cp-startLine);
data/acedb-4.9.39+dfsg.02/waql/aqlerror.c:117:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (aql->errorReport, "\n");
data/acedb-4.9.39+dfsg.02/waql/aqlerror.c:126:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (aql->errorReport, "\n");
data/acedb-4.9.39+dfsg.02/waql/aqlrun.c:1100:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fromFieldNode->loc->value.i = strlen(methodNode->loc->value.s);
data/acedb-4.9.39+dfsg.02/wdce/dceclientlib.c:127:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int bSize = strlen(szServerStringBinding) ;
data/acedb-4.9.39+dfsg.02/wdce/dceclientlib.c:178:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int reponseSize = strlen(*pReponse) ;
data/acedb-4.9.39+dfsg.02/wdce/dceclientlib.c:227:4: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(epStr, service, 249) ;
data/acedb-4.9.39+dfsg.02/wdce/dceclientlib.c:264:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((char *)pStr, protocol, 31) ;
data/acedb-4.9.39+dfsg.02/wdce/dceclientlib.c:286:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(epStr, endpoint, 255) ;
data/acedb-4.9.39+dfsg.02/wdce/dceclientlib.c:836:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = *loop ? strlen(loop): 0 ;
data/acedb-4.9.39+dfsg.02/wdce/dceclientlib.c:842:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i += strlen(loop);
data/acedb-4.9.39+dfsg.02/wdce/dceclientlib.c:843:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
loop += strlen(loop);
data/acedb-4.9.39+dfsg.02/wdce/dceserverlib.cpp:400:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nn = strlen (cp) ;
data/acedb-4.9.39+dfsg.02/wdce/dceserverlib.cpp:417:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nn = strlen (cp) ;
data/acedb-4.9.39+dfsg.02/wgd/libgd.c:484:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(s);
data/acedb-4.9.39+dfsg.02/wgd/libgd.c:495:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(s);
data/acedb-4.9.39+dfsg.02/wgd/libgd.c:1661:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(version, (char *)buf + 3, 3);
data/acedb-4.9.39+dfsg.02/wgd/libgd.c:2216:6: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
r = getc(in);
data/acedb-4.9.39+dfsg.02/wgd/libgd.c:2221:6: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
r = getc(in);
data/acedb-4.9.39+dfsg.02/wgd/libgd.c:2238:6: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
r = getc(in);
data/acedb-4.9.39+dfsg.02/wgd/libgd.c:2282:9: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = getc(in);
data/acedb-4.9.39+dfsg.02/wgd/libgd.c:2444:9: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = getc(fd);
data/acedb-4.9.39+dfsg.02/wgd/libgd.c:2453:8: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = getc(fd);
data/acedb-4.9.39+dfsg.02/wgd/libgd.c:2458:8: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = getc(fd);
data/acedb-4.9.39+dfsg.02/wgnbk/gnbk.c:114:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while(vp && (n=read(fd,vp,size))!=size)
data/acedb-4.9.39+dfsg.02/wgnbk/gnbk.c:228:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dn = strlen(cp) + 1 ;
data/acedb-4.9.39+dfsg.02/wgnbk/gnbk.c:239:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (buf[ii++], cp, 255) ;
data/acedb-4.9.39+dfsg.02/wgnbk/gnbk.c:258:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (buf[ii++], cp, 255) ;
data/acedb-4.9.39+dfsg.02/wgnbk/gnbk.c:457:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dn = strlen(cp) + 1 ;
data/acedb-4.9.39+dfsg.02/wgnbk/gnbk.c:471:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (buf[ii++], cp, 255) ;
data/acedb-4.9.39+dfsg.02/wgnbk/gnbk.c:489:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (buf[ii++], cp, 255) ;
data/acedb-4.9.39+dfsg.02/wgnbk/gnbkserver.c:207:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(argv[n]) < 12 &&
data/acedb-4.9.39+dfsg.02/wgnbk/gnbkserver.c:217:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(argv[n]) < 12 &&
data/acedb-4.9.39+dfsg.02/wgnbk/rpcgnbk_sp.c:110:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nn = strlen (cp) ;
data/acedb-4.9.39+dfsg.02/wh/dbidx.h:75:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
extern int strlen(),
data/acedb-4.9.39+dfsg.02/wh/dnaalign.h:133:51: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
BOOL dnaAlignDoReInsertLoners (KEY seqKey, KEYSET read) ;
data/acedb-4.9.39+dfsg.02/wh/igdevent.h:231:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
extern int read PROTO(( int sd, char *buff, int size_buff));
data/acedb-4.9.39+dfsg.02/wh/igdevent.h:236:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t strlen (const char *s);
data/acedb-4.9.39+dfsg.02/wh/mystdlib.h:431:11: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int fgetc (FILE *stream);
data/acedb-4.9.39+dfsg.02/whooks/class.c:159:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cp1 = messalloc(strlen(cp)+200);
data/acedb-4.9.39+dfsg.02/whooks/sysclass.c:585:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(cp)>199)
data/acedb-4.9.39+dfsg.02/win32/startace.c:135:19: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = fgetc(f)) != EOF)
data/acedb-4.9.39+dfsg.02/win32/winaceshell.c:32:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tot += strlen(argv[i])+1;
data/acedb-4.9.39+dfsg.02/win32/winaceshell.c:40:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(args, " ");
data/acedb-4.9.39+dfsg.02/wjo/o2m.c:554:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xOff += 2 + strlen (name (ox->c3)) ;
data/acedb-4.9.39+dfsg.02/wjo/o2m.c:573:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{yl = strlen (name (array (ox->axis3, i, KEY))) ;
data/acedb-4.9.39+dfsg.02/wjo/o2m.c:582:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xl = strlen (name (c3seg->key)) ;
data/acedb-4.9.39+dfsg.02/wjo/o2m.c:1130:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (ox->message2Text, messprintf ("Homology "), 80) ;
data/acedb-4.9.39+dfsg.02/wjo/oxgriddisp.c:1303:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
x = strlen (name (ox->s1)) + strlen (name (ox->s2)) + 17 ;
data/acedb-4.9.39+dfsg.02/wjo/oxgriddisp.c:1303:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
x = strlen (name (ox->s1)) + strlen (name (ox->s2)) + 17 ;
data/acedb-4.9.39+dfsg.02/wjo/oxgriddisp.c:1304:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xOff += 2 + strlen (name (ox->s2)) ;
data/acedb-4.9.39+dfsg.02/wjo/oxgriddisp.c:1391:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen (name (array (ox->axis2, i, KEY))) ;
data/acedb-4.9.39+dfsg.02/wjo/oxgriddisp.c:1398:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{l = strlen (name (array (ox->axis1, i, KEY))) ;
data/acedb-4.9.39+dfsg.02/wjo/oxgriddisp.c:1702:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int i, n = strlen(text) ;
data/acedb-4.9.39+dfsg.02/wjo/oxhomlist.c:144:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{wmax = strlen (name (seg->gene1)) ;
data/acedb-4.9.39+dfsg.02/wjo/oxhomlist.c:146:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wmax = strlen (name (seg->gene2)) ;
data/acedb-4.9.39+dfsg.02/wjo/oxhomlist.c:153:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wmax = strlen (name (ox->s1)) + 4 ;
data/acedb-4.9.39+dfsg.02/wjo/oxhomlist.c:155:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wmax = strlen (name (m1)) ;
data/acedb-4.9.39+dfsg.02/wjo/oxhomlist.c:157:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wmax = strlen (name (ox->s2)) + 4 ;
data/acedb-4.9.39+dfsg.02/wjo/oxhomlist.c:159:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wmax = strlen (name (m2)) ;
data/acedb-4.9.39+dfsg.02/wjo/pairmapdisp.c:544:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xOff += 2 + strlen (name (ox->c2)) ;
data/acedb-4.9.39+dfsg.02/wjo/pairmapdisp.c:552:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xl = strlen (name (c2seg->key)) ;
data/acedb-4.9.39+dfsg.02/wjo/pairmapdisp.c:558:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
yl = strlen (name (c1seg->key)) ;
data/acedb-4.9.39+dfsg.02/wjo/pairmapdisp.c:1099:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (ox->messageText, messprintf ("Homology "), 80) ;
data/acedb-4.9.39+dfsg.02/wjo/specg.c:263:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (ox->message3Text, messprintf ("Homology "), 80) ;
data/acedb-4.9.39+dfsg.02/wjo/specg.c:734:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xOff += 2 + strlen (name (ox->c4)) ;
data/acedb-4.9.39+dfsg.02/wjo/specg.c:751:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{yl = strlen (name (keySet (ox->specs, i))) ;
data/acedb-4.9.39+dfsg.02/wjo/specg.c:760:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xl = strlen (name (c4seg->key)) ;
data/acedb-4.9.39+dfsg.02/wmd5/digcalc.c:45:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MD5Update(&Md5Ctx, pszUserName, strlen(pszUserName));
data/acedb-4.9.39+dfsg.02/wmd5/digcalc.c:47:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MD5Update(&Md5Ctx, pszRealm, strlen(pszRealm));
data/acedb-4.9.39+dfsg.02/wmd5/digcalc.c:49:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MD5Update(&Md5Ctx, pszPassword, strlen(pszPassword));
data/acedb-4.9.39+dfsg.02/wmd5/digcalc.c:60:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MD5Update(&Md5Ctx, pszNonce, strlen(pszNonce));
data/acedb-4.9.39+dfsg.02/wmd5/digcalc.c:62:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MD5Update(&Md5Ctx, pszCNonce, strlen(pszCNonce));
data/acedb-4.9.39+dfsg.02/wmd5/digcalc.c:88:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MD5Update(&Md5Ctx, pszMethod, strlen(pszMethod));
data/acedb-4.9.39+dfsg.02/wmd5/digcalc.c:90:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MD5Update(&Md5Ctx, pszDigestUri, strlen(pszDigestUri));
data/acedb-4.9.39+dfsg.02/wmd5/digcalc.c:106:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MD5Update(&Md5Ctx, pszNonce, strlen(pszNonce));
data/acedb-4.9.39+dfsg.02/wmd5/digcalc.c:109:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MD5Update(&Md5Ctx, pszNonceCount, strlen(pszNonceCount));
data/acedb-4.9.39+dfsg.02/wmd5/digcalc.c:111:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MD5Update(&Md5Ctx, pszCNonce, strlen(pszCNonce));
data/acedb-4.9.39+dfsg.02/wmd5/digcalc.c:113:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MD5Update(&Md5Ctx, pszQop, strlen(pszQop));
data/acedb-4.9.39+dfsg.02/wmd5/mddriver.c:107:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned int len = strlen (string);
data/acedb-4.9.39+dfsg.02/wnq/acelib.c:105:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*replyLength = strlen(cp) ;
data/acedb-4.9.39+dfsg.02/wnq/acelib.c:113:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!buffer || !*buffer || strlen(buffer) > 10000)
data/acedb-4.9.39+dfsg.02/wnq/acelib.c:614:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!cr || !strlen(cr))
data/acedb-4.9.39+dfsg.02/wnq/flag.c:74:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen (set) ;
data/acedb-4.9.39+dfsg.02/wnq/table.c:82:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0 ; i < strlen(type); ++i)
data/acedb-4.9.39+dfsg.02/wnq/table.c:113:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t->ncol = ncol = strlen(type) ;
data/acedb-4.9.39+dfsg.02/wnq/table.c:349:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (string && strlen(string) > 0)
data/acedb-4.9.39+dfsg.02/wnq/table.c:598:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
specLen = strlen(spec);
data/acedb-4.9.39+dfsg.02/wnq/table.c:1005:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(leftTable->type) != strlen((*destTable)->type))
data/acedb-4.9.39+dfsg.02/wnq/table.c:1005:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(leftTable->type) != strlen((*destTable)->type))
data/acedb-4.9.39+dfsg.02/wnq/table.c:1078:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(leftTable->type) != strlen((*destTable)->type))
data/acedb-4.9.39+dfsg.02/wnq/table.c:1078:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(leftTable->type) != strlen((*destTable)->type))
data/acedb-4.9.39+dfsg.02/wnq/table.c:1144:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(leftTable->type) != strlen((*destTable)->type))
data/acedb-4.9.39+dfsg.02/wnq/table.c:1144:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(leftTable->type) != strlen((*destTable)->type))
data/acedb-4.9.39+dfsg.02/wnq/table.c:1349:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
aceOutBinary ( dump_out, cp, strlen(cp) + 1) ;
data/acedb-4.9.39+dfsg.02/wnq/table.c:1417:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
aceOutBinary ( dump_out, cp, strlen(cp) + 1) ;
data/acedb-4.9.39+dfsg.02/wnq/table.c:1583:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
aceOutBinary (dump_out, cp, strlen(cp) + 1) ;
data/acedb-4.9.39+dfsg.02/wnq/table.c:2102:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (format_type && strlen(format_type) > 0)
data/acedb-4.9.39+dfsg.02/wnq/table.c:2195:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!types || !(ncol = strlen(types)))
data/acedb-4.9.39+dfsg.02/wrpc/aceclient.c:456:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ register char *cp1 = cp + strlen(cp) - 1 ;
data/acedb-4.9.39+dfsg.02/wrpc/aceclientlib.c:536:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = *loop ? strlen(loop): 0 ;
data/acedb-4.9.39+dfsg.02/wrpc/aceclientlib.c:542:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i += strlen(loop);
data/acedb-4.9.39+dfsg.02/wrpc/aceclientlib.c:543:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
loop += strlen(loop);
data/acedb-4.9.39+dfsg.02/wrpc/aceserver.c:714:14: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (c = getc(f), c != (char)EOF)
data/acedb-4.9.39+dfsg.02/wrpc/aceserver.c:742:2: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask (0) ;
data/acedb-4.9.39+dfsg.02/wrpc/acesyb.c:115:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(srvname) > 0)
data/acedb-4.9.39+dfsg.02/wrpc/acesyb.c:117:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(procname) > 0)
data/acedb-4.9.39+dfsg.02/wrpc/acesyb.c:184:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return(sizeof(ayNodeType)+strlen(np->data.textData));
data/acedb-4.9.39+dfsg.02/wrpc/acesyb.c:406:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
to->data.textData= messalloc(strlen(from->data.textData));
data/acedb-4.9.39+dfsg.02/wrpc/acesybase.c:141:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
np->data.textData=messalloc(strlen(bs->bt->cp));
data/acedb-4.9.39+dfsg.02/wrpc/jade2ace.c:156:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(linebuffer);
data/acedb-4.9.39+dfsg.02/wrpc/jade2ace.c:214:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(s2);
data/acedb-4.9.39+dfsg.02/wrpc/jade2ace.c:247:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
end_of_line = text + strlen(text) - 1 ;
data/acedb-4.9.39+dfsg.02/wrpc/jade2ace.c:274:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!stripBlanks || strlen(current) > 0)
data/acedb-4.9.39+dfsg.02/wrpc/jade2ace.c:281:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((!stripLastBlank && !stripBlanks) || (strlen(current) > 0) )
data/acedb-4.9.39+dfsg.02/wrpc/jade2ace.c:441:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int sizeneeded = strlen(data) + COMMAND_MAX + 1;
data/acedb-4.9.39+dfsg.02/wrpc/jadeserver.c:200:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(linebuffer);
data/acedb-4.9.39+dfsg.02/wrpc/jadeserver.c:253:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(s2);
data/acedb-4.9.39+dfsg.02/wrpc/jadeserver.c:286:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
end_of_line = text + strlen(text) - 1 ;
data/acedb-4.9.39+dfsg.02/wrpc/jadeserver.c:313:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!stripBlanks || strlen(current) > 0)
data/acedb-4.9.39+dfsg.02/wrpc/jadeserver.c:320:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((!stripLastBlank && !stripBlanks) || (strlen(current) > 0) )
data/acedb-4.9.39+dfsg.02/wrpc/jadeserver.c:373:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stripAndPrint((char*)answer,strlen(answer),FALSE,FALSE, 0);
data/acedb-4.9.39+dfsg.02/wrpc/jadeserver.c:471:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int sizeneeded = strlen(data) + COMMAND_MAX + 1;
data/acedb-4.9.39+dfsg.02/wrpc/rpcace_sp.c:129:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nn = strlen (cp) ;
data/acedb-4.9.39+dfsg.02/wrpc/rpcace_sp.c:137:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nn = strlen (cp) ;
data/acedb-4.9.39+dfsg.02/wrpc/test.client.c:59:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
data_s.cmd.cmd_len = (u_int)strlen(argv[2])+1;
data/acedb-4.9.39+dfsg.02/wrpc/xclient.c:204:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (server, cp, 254) ;
data/acedb-4.9.39+dfsg.02/wsocket/acesocket.c:774:3: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask (0) ;
data/acedb-4.9.39+dfsg.02/wsocket/acesocketlib.c:167:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Stack s = stackCreate (strlen(text)+1) ;
data/acedb-4.9.39+dfsg.02/wsocket/acesocketlib.c:441:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msg->mBytesRequested = strlen(stackText(msg->writeStack, 0)) + 1 ;
data/acedb-4.9.39+dfsg.02/wsocket/acesocketlib.c:560:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bytes = read(fd, readbuf, *bytesPending) ;
data/acedb-4.9.39+dfsg.02/wsocket/saceclient.c:701:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ register char *cp1 = cp + strlen(cp) - 1 ;
data/acedb-4.9.39+dfsg.02/wsocket/saceclient.c:795:13: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
file_rc = getc(stdin) ;
data/acedb-4.9.39+dfsg.02/wsocket/sclient.c:259:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(*cp) ;
data/acedb-4.9.39+dfsg.02/wsocket/sclient.c:262:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length += (1 + strlen(answers[i])) ;
data/acedb-4.9.39+dfsg.02/wsocket/sclient.c:265:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length += strlen(passwd_str) ;
data/acedb-4.9.39+dfsg.02/wsocket/sclient.c:273:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (!strcat(tmp, " ") || !strcat(tmp, answers[i]))
data/acedb-4.9.39+dfsg.02/wsocket/sclient.c:279:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (!strcat(tmp, " ") || !strcat(tmp, passwd_str))
data/acedb-4.9.39+dfsg.02/wsocket/sclient.c:358:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(*cp) ;
data/acedb-4.9.39+dfsg.02/wsocket/sclient.c:361:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length += (1 + strlen(answers[i])) ;
data/acedb-4.9.39+dfsg.02/wsocket/sclient.c:370:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (!strcat(tmp, " ") || !strcat(tmp, answers[i]))
data/acedb-4.9.39+dfsg.02/wsocket/sclientlib.c:174:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(request) ;
data/acedb-4.9.39+dfsg.02/wsocket/sclientlib.c:367:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
phrase_len += (strlen(words[i]) + 1) ;
data/acedb-4.9.39+dfsg.02/wsocket/sclientlib.c:375:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(phrase, " ") ;
data/acedb-4.9.39+dfsg.02/wsocket/serverace.c:1108:14: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (c = getc(f), c != (char)EOF)
data/acedb-4.9.39+dfsg.02/wsocket/serveracepasswd.c:180:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncasecmp(array(contents, i, char*), perm_type, strlen(perm_type)) == 0)
data/acedb-4.9.39+dfsg.02/wsocket/serveracepasswd.c:183:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
array(contents, i, char*) = messalloc(strlen(perm_type) + 1 + strlen(perm_level) + 1) ;
data/acedb-4.9.39+dfsg.02/wsocket/serveracepasswd.c:183:70: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
array(contents, i, char*) = messalloc(strlen(perm_type) + 1 + strlen(perm_level) + 1) ;
data/acedb-4.9.39+dfsg.02/wsocket/serveracepasswd.c:185:8: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
|| strcat(array(contents, i, char *), " ") == NULL
data/acedb-4.9.39+dfsg.02/wsocket/serveracepasswd.c:405:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& str_pos != (domain_name + (strlen(domain_name) - 1)))
data/acedb-4.9.39+dfsg.02/wsocket/serveracepasswd.c:768:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strstr(userid, word) == userid + strlen(userid) - strlen(word))
data/acedb-4.9.39+dfsg.02/wsocket/serveracepasswd.c:768:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strstr(userid, word) == userid + strlen(userid) - strlen(word))
data/acedb-4.9.39+dfsg.02/wsocket/serveracepasswd.c:1100:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
backup_name = messalloc(strlen(file_path) + strlen(backup_ext) + 1) ;
data/acedb-4.9.39+dfsg.02/wsocket/serveracepasswd.c:1100:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
backup_name = messalloc(strlen(file_path) + strlen(backup_ext) + 1) ;
data/acedb-4.9.39+dfsg.02/wsocket/serveracepasswd.c:1147:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
= messalloc(strlen(userid) + 1 + strlen(hash) + 1) ;
data/acedb-4.9.39+dfsg.02/wsocket/serveracepasswd.c:1147:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
= messalloc(strlen(userid) + 1 + strlen(hash) + 1) ;
data/acedb-4.9.39+dfsg.02/wsocket/serveracepasswd.c:1150:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
|| strcat(array(passwd_entries, i, char *), " ") == NULL
data/acedb-4.9.39+dfsg.02/wsocket/serveracepasswd.c:1185:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
array(passwd_entries, i, char*) = messalloc(strlen(userid) + 1 + strlen(hash) + 1) ;
data/acedb-4.9.39+dfsg.02/wsocket/serveracepasswd.c:1185:73: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
array(passwd_entries, i, char*) = messalloc(strlen(userid) + 1 + strlen(hash) + 1) ;
data/acedb-4.9.39+dfsg.02/wsocket/serveracepasswd.c:1187:8: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
|| strcat(array(passwd_entries, i, char *), " ") == NULL
data/acedb-4.9.39+dfsg.02/wsocket/serveracepasswd.c:1299:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
array(passwd_entries, i, char*) = messalloc(strlen(tmp) + 1 - strlen(userid)) ;
data/acedb-4.9.39+dfsg.02/wsocket/serveracepasswd.c:1299:67: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
array(passwd_entries, i, char*) = messalloc(strlen(tmp) + 1 - strlen(userid)) ;
data/acedb-4.9.39+dfsg.02/wsocket/serveracepasswd.c:1311:10: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (strcat(array(passwd_entries, i, char *), " ") == NULL
data/acedb-4.9.39+dfsg.02/wsocket/serveracepasswd.c:1385:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
array(passwd_entries, i, char*) = messalloc(strlen(tmp) + 1 + strlen(userid) + 1) ;
data/acedb-4.9.39+dfsg.02/wsocket/serveracepasswd.c:1385:67: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
array(passwd_entries, i, char*) = messalloc(strlen(tmp) + 1 + strlen(userid) + 1) ;
data/acedb-4.9.39+dfsg.02/wsocket/serveracepasswd.c:1387:12: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
|| strcat(array(passwd_entries, i, char *), " ") == NULL
data/acedb-4.9.39+dfsg.02/wsocket/serverclientutils.c:61:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MD5Update(&Md5Ctx, (unsigned char *)strings[i], strlen(strings[i])) ;
data/acedb-4.9.39+dfsg.02/wsocket/sxclient.c:229:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (server, cp, 254) ;
data/acedb-4.9.39+dfsg.02/wstaden/Read.c:63:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Read *read;
data/acedb-4.9.39+dfsg.02/wstaden/Read.c:74:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read;
data/acedb-4.9.39+dfsg.02/wstaden/Read.c:85:35: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int write_reading(char *fn, Read *read, int format) {
data/acedb-4.9.39+dfsg.02/wstaden/Read.c:94:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
scf = read2scf(read);
data/acedb-4.9.39+dfsg.02/wstaden/Read.c:100:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = write_abi(fn, read);
data/acedb-4.9.39+dfsg.02/wstaden/Read.c:104:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = write_alf(fn, read);
data/acedb-4.9.39+dfsg.02/wstaden/Read.c:108:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Exp_info *e = read2exp(read, fn);
data/acedb-4.9.39+dfsg.02/wstaden/Read.c:132:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = write_pln(fn, read);
data/acedb-4.9.39+dfsg.02/wstaden/Read.c:153:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Read *read;
data/acedb-4.9.39+dfsg.02/wstaden/Read.c:181:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((read->trace_name = (char *)xmalloc(strlen(fn)+1)))
data/acedb-4.9.39+dfsg.02/wstaden/Read.c:218:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read;
data/acedb-4.9.39+dfsg.02/wstaden/Read.c:229:36: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int fwrite_reading(FILE *fp, Read *read, int format) {
data/acedb-4.9.39+dfsg.02/wstaden/Read.c:238:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
scf = read2scf(read);
data/acedb-4.9.39+dfsg.02/wstaden/Read.c:244:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return fwrite_ctf(fp, read);
data/acedb-4.9.39+dfsg.02/wstaden/Read.c:256:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Exp_info *e = read2exp(read, "unknown");
data/acedb-4.9.39+dfsg.02/wstaden/Read.c:270:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
r = fwrite_pln(fp, read);
data/acedb-4.9.39+dfsg.02/wstaden/Read.h:153:35: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int write_reading(char *fn, Read *read, int format);
data/acedb-4.9.39+dfsg.02/wstaden/Read.h:154:36: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int fwrite_reading(FILE *fp, Read *read, int format);
data/acedb-4.9.39+dfsg.02/wstaden/Read.h:171:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void read_deallocate(Read *read);
data/acedb-4.9.39+dfsg.02/wstaden/Read.h:187:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int write_abi(char *fn, Read *read);
data/acedb-4.9.39+dfsg.02/wstaden/Read.h:188:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int fwrite_abi(FILE *fp, Read *read);
data/acedb-4.9.39+dfsg.02/wstaden/Read.h:190:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int write_alf(char *fn, Read *read);
data/acedb-4.9.39+dfsg.02/wstaden/Read.h:191:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int fwrite_alf(FILE *fp, Read *read);
data/acedb-4.9.39+dfsg.02/wstaden/Read.h:195:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int write_pln(char *fn, Read *read);
data/acedb-4.9.39+dfsg.02/wstaden/Read.h:196:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int fwrite_pln(FILE *fp, Read *read);
data/acedb-4.9.39+dfsg.02/wstaden/Read.h:202:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int write_ctf(char *fn, Read *read);
data/acedb-4.9.39+dfsg.02/wstaden/Read.h:203:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int fwrite_ctf(FILE *fp, Read *read);
data/acedb-4.9.39+dfsg.02/wstaden/ctfCompress.c:703:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Array ctfDecorrelate (Read *read, int predictionMode)
data/acedb-4.9.39+dfsg.02/wstaden/ctfCompress.c:746:35: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
static BOOL ctfRecorrelate (Read *read, int predictionMode, Array a)
data/acedb-4.9.39+dfsg.02/wstaden/ctfCompress.c:794:37: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
static int ctfProbInfoLevel (Read *read, unsigned char *mixProb)
data/acedb-4.9.39+dfsg.02/wstaden/ctfCompress.c:828:36: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
static Array ctfPackTraces (Read *read)
data/acedb-4.9.39+dfsg.02/wstaden/ctfCompress.c:843:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ctfTracePeakValue (read) ; /* sets read-> maxTraceVal */
data/acedb-4.9.39+dfsg.02/wstaden/ctfCompress.c:850:37: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
probInfoLevel = ctfProbInfoLevel (read, mixProb) ;
data/acedb-4.9.39+dfsg.02/wstaden/ctfCompress.c:893:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
a1 = ctfDecorrelate (read, PREDICTIONMODE) ;
data/acedb-4.9.39+dfsg.02/wstaden/ctfCompress.c:948:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(read->info) ;
data/acedb-4.9.39+dfsg.02/wstaden/ctfCompress.c:964:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
{ strncpy (cp, read->info, n) ; cp += n ; } ;
data/acedb-4.9.39+dfsg.02/wstaden/ctfCompress.c:1035:33: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
static void ctfUnmixProb (Read *read, int n, unsigned char *mixProb)
data/acedb-4.9.39+dfsg.02/wstaden/ctfCompress.c:1078:36: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
static BOOL ctfUnPackTraces (Read *read, Array a)
data/acedb-4.9.39+dfsg.02/wstaden/ctfCompress.c:1127:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!ctfRecorrelate (read, predictionMode, decompressedData))
data/acedb-4.9.39+dfsg.02/wstaden/ctfCompress.c:1141:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (read->info, cp, n) ; cp += n ; nn -= n ;
data/acedb-4.9.39+dfsg.02/wstaden/ctfCompress.c:1185:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ctfUnmixProb (read, nMixProb, mixProb) ;
data/acedb-4.9.39+dfsg.02/wstaden/ctfCompress.c:1201:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
freeSeq (read) ;
data/acedb-4.9.39+dfsg.02/wstaden/ctfCompress.c:1246:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int ctfFWrite (FILE *ff, Read *read)
data/acedb-4.9.39+dfsg.02/wstaden/ctfCompress.c:1250:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read && read->NBases && read->NPoints && ff)
data/acedb-4.9.39+dfsg.02/wstaden/ctfCompress.c:1252:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Array a = ctfPackTraces (read);
data/acedb-4.9.39+dfsg.02/wstaden/ctfCompress.c:1274:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
memset (read, 0, sizeof(Read)) ;
data/acedb-4.9.39+dfsg.02/wstaden/ctfCompress.c:1275:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (ctfUnPackTraces (read, a))
data/acedb-4.9.39+dfsg.02/wstaden/ctfCompress.c:1299:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read ;
data/acedb-4.9.39+dfsg.02/wstaden/dummy.c:30:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int write_abi(char *fn, Read *read) {
data/acedb-4.9.39+dfsg.02/wstaden/dummy.c:40:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int fwrite_abi(FILE *fp, Read *read) {
data/acedb-4.9.39+dfsg.02/wstaden/dummy.c:53:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int write_alf(char *fn, Read *read) {
data/acedb-4.9.39+dfsg.02/wstaden/dummy.c:63:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int fwrite_alf(char *fn, Read *read) {
data/acedb-4.9.39+dfsg.02/wstaden/dummy.c:77:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int write_pln(char *fn, Read *read) {
data/acedb-4.9.39+dfsg.02/wstaden/dummy.c:87:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int fwrite_pln(FILE *fp, Read *read) {
data/acedb-4.9.39+dfsg.02/wstaden/dummy.h:23:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int write_abi(char *fn, Read *read);
data/acedb-4.9.39+dfsg.02/wstaden/dummy.h:24:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int fwrite_abi(FILE *fp, Read *read);
data/acedb-4.9.39+dfsg.02/wstaden/dummy.h:27:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int write_alf(char *fn, Read *read);
data/acedb-4.9.39+dfsg.02/wstaden/dummy.h:28:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int fwrite_alf(FILE *fp, Read *read);
data/acedb-4.9.39+dfsg.02/wstaden/dummy.h:33:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int write_pln(char *fn, Read *read);
data/acedb-4.9.39+dfsg.02/wstaden/dummy.h:34:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int fwrite_pln(FILE *fp, Read *read);
data/acedb-4.9.39+dfsg.02/wstaden/expFileIO.c:211:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(seq = arr(char *,e->entries[eflt],i));
data/acedb-4.9.39+dfsg.02/wstaden/expFileIO.c:364:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf += strlen(buf);
data/acedb-4.9.39+dfsg.02/wstaden/expFileIO.c:370:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf += strlen(buf);
data/acedb-4.9.39+dfsg.02/wstaden/expFileIO.c:467:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf += strlen(buf);
data/acedb-4.9.39+dfsg.02/wstaden/expFileIO.c:576:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l1 = strlen(en);
data/acedb-4.9.39+dfsg.02/wstaden/expFileIO.c:577:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l2 = strlen(&line[10]);
data/acedb-4.9.39+dfsg.02/wstaden/expFileIO.c:691:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(s,exp_get_entry(e,id),s_l);
data/acedb-4.9.39+dfsg.02/wstaden/expFileIO.c:707:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(exp_get_entry(e,id), s, len);
data/acedb-4.9.39+dfsg.02/wstaden/expFileIO.c:731:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return exp_append_str(e,id,buf,strlen(buf));
data/acedb-4.9.39+dfsg.02/wstaden/expFileIO.c:748:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return exp_append_str(e,id,buf,strlen(buf));
data/acedb-4.9.39+dfsg.02/wstaden/expFileIO.c:774:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(c);
data/acedb-4.9.39+dfsg.02/wstaden/expFileIO.c:777:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(f,c,i);
data/acedb-4.9.39+dfsg.02/wstaden/expFileIO.c:793:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(c,f,i);
data/acedb-4.9.39+dfsg.02/wstaden/expFileIO.c:993:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return exp_append_str(e,*id,buf,strlen(buf));
data/acedb-4.9.39+dfsg.02/wstaden/expFileIO.c:1150:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(str);
data/acedb-4.9.39+dfsg.02/wstaden/filecompress.c:193:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (2 != read(fd, mg, 2)) {
data/acedb-4.9.39+dfsg.02/wstaden/filecompress.c:208:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (2 != read(fd, mg, 2)) {
data/acedb-4.9.39+dfsg.02/wstaden/filecompress.c:279:13: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
mg[0] = fgetc(fp);
data/acedb-4.9.39+dfsg.02/wstaden/find.c:20:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
paths = (char *) malloc(strlen(searchpath)+1);
data/acedb-4.9.39+dfsg.02/wstaden/find.c:27:13: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
(void) strcat(wholePath,"/");
data/acedb-4.9.39+dfsg.02/wstaden/makeSCF.c:45:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
clen = strlen(r->info) + 1024;
data/acedb-4.9.39+dfsg.02/wstaden/misc_scf.c:36:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(v,version,4);v[4]='\0';
data/acedb-4.9.39+dfsg.02/wstaden/read_alloc.c:126:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void read_deallocate(Read *read)
data/acedb-4.9.39+dfsg.02/wstaden/read_alloc.c:150:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
xfree(read);
data/acedb-4.9.39+dfsg.02/wstaden/seqIOABI.c:359:12: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((ch = fgetc(fp)) == EOF)
data/acedb-4.9.39+dfsg.02/wstaden/seqIOABI.c:533:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *s = (char *)xmalloc(strlen(comment)+1);
data/acedb-4.9.39+dfsg.02/wstaden/seqIOABI.c:583:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return(read);
data/acedb-4.9.39+dfsg.02/wstaden/seqIOABI.c:587:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read)
data/acedb-4.9.39+dfsg.02/wstaden/seqIOABI.c:588:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read_deallocate(read);
data/acedb-4.9.39+dfsg.02/wstaden/seqIOABI.c:604:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Read *read;
data/acedb-4.9.39+dfsg.02/wstaden/seqIOABI.c:614:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read && (read->trace_name = (char *)xmalloc(strlen(fn)+1)))
data/acedb-4.9.39+dfsg.02/wstaden/seqIOABI.c:614:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (read && (read->trace_name = (char *)xmalloc(strlen(fn)+1)))
data/acedb-4.9.39+dfsg.02/wstaden/seqIOABI.c:617:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read;
data/acedb-4.9.39+dfsg.02/wstaden/seqIOABI.c:624:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int write_abi(char *fn, Read *read) {
data/acedb-4.9.39+dfsg.02/wstaden/seqIOABI.c:633:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int fwrite_abi(FILE *fp, Read *read) {
data/acedb-4.9.39+dfsg.02/wstaden/seqIOALF.c:342:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return(read);
data/acedb-4.9.39+dfsg.02/wstaden/seqIOALF.c:346:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read)
data/acedb-4.9.39+dfsg.02/wstaden/seqIOALF.c:347:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read_deallocate(read);
data/acedb-4.9.39+dfsg.02/wstaden/seqIOALF.c:364:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Read *read;
data/acedb-4.9.39+dfsg.02/wstaden/seqIOALF.c:373:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read && (read->trace_name = (char *)xmalloc(strlen(fn)+1)))
data/acedb-4.9.39+dfsg.02/wstaden/seqIOALF.c:373:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (read && (read->trace_name = (char *)xmalloc(strlen(fn)+1)))
data/acedb-4.9.39+dfsg.02/wstaden/seqIOALF.c:376:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read;
data/acedb-4.9.39+dfsg.02/wstaden/seqIOALF.c:383:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int write_alf(char *fn, Read *read) {
data/acedb-4.9.39+dfsg.02/wstaden/seqIOALF.c:392:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int fwrite_alf(FILE *fp, Read *read) {
data/acedb-4.9.39+dfsg.02/wstaden/seqIOCTF.c:41:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read ;
data/acedb-4.9.39+dfsg.02/wstaden/seqIOCTF.c:49:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Read *read;
data/acedb-4.9.39+dfsg.02/wstaden/seqIOCTF.c:59:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read && (read->trace_name = (char *)xmalloc(strlen(fn)+1)))
data/acedb-4.9.39+dfsg.02/wstaden/seqIOCTF.c:59:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (read && (read->trace_name = (char *)xmalloc(strlen(fn)+1)))
data/acedb-4.9.39+dfsg.02/wstaden/seqIOCTF.c:62:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read;
data/acedb-4.9.39+dfsg.02/wstaden/seqIOCTF.c:70:33: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int fwrite_ctf (FILE *fp, Read *read) {
data/acedb-4.9.39+dfsg.02/wstaden/seqIOCTF.c:71:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return ctfFWrite (fp, read) ;
data/acedb-4.9.39+dfsg.02/wstaden/seqIOCTF.c:78:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int write_ctf(char *fn, Read *read) {
data/acedb-4.9.39+dfsg.02/wstaden/seqIOCTF.c:85:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fwrite_ctf (fp, read) ;
data/acedb-4.9.39+dfsg.02/wstaden/seqIOCTF.h:5:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int ctfFWrite (FILE *ff, Read *read) ;
data/acedb-4.9.39+dfsg.02/wstaden/seqIOPlain.c:113:18: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((ch = fgetc(fp)) != EOF) {
data/acedb-4.9.39+dfsg.02/wstaden/seqIOPlain.c:120:11: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = fgetc(fp);
data/acedb-4.9.39+dfsg.02/wstaden/seqIOPlain.c:137:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
read->trace_name = (char *)xmalloc(strlen(name)+1);
data/acedb-4.9.39+dfsg.02/wstaden/seqIOPlain.c:144:8: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = fgetc(fp);
data/acedb-4.9.39+dfsg.02/wstaden/seqIOPlain.c:147:12: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = fgetc(fp);
data/acedb-4.9.39+dfsg.02/wstaden/seqIOPlain.c:150:8: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = fgetc(fp);
data/acedb-4.9.39+dfsg.02/wstaden/seqIOPlain.c:153:12: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = fgetc(fp);
data/acedb-4.9.39+dfsg.02/wstaden/seqIOPlain.c:157:12: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = fgetc(fp);
data/acedb-4.9.39+dfsg.02/wstaden/seqIOPlain.c:168:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
read->leftCutoff = strlen(leftc);
data/acedb-4.9.39+dfsg.02/wstaden/seqIOPlain.c:173:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rightc, strlen(rightc));
data/acedb-4.9.39+dfsg.02/wstaden/seqIOPlain.c:175:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
read->NBases += read->leftCutoff + strlen(rightc);
data/acedb-4.9.39+dfsg.02/wstaden/seqIOPlain.c:182:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return(read);
data/acedb-4.9.39+dfsg.02/wstaden/seqIOPlain.c:186:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read)
data/acedb-4.9.39+dfsg.02/wstaden/seqIOPlain.c:187:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read_deallocate(read);
data/acedb-4.9.39+dfsg.02/wstaden/seqIOPlain.c:203:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Read *read;
data/acedb-4.9.39+dfsg.02/wstaden/seqIOPlain.c:212:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read && read->trace_name == NULL &&
data/acedb-4.9.39+dfsg.02/wstaden/seqIOPlain.c:213:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(read->trace_name = (char *)xmalloc(strlen(fn)+1)))
data/acedb-4.9.39+dfsg.02/wstaden/seqIOPlain.c:216:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read;
data/acedb-4.9.39+dfsg.02/wstaden/seqIOPlain.c:223:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int fwrite_pln(FILE *fp, Read *read) {
data/acedb-4.9.39+dfsg.02/wstaden/seqIOPlain.c:240:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int write_pln(char *fn, Read *read) {
data/acedb-4.9.39+dfsg.02/wstaden/seqIOPlain.c:246:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (fwrite_pln(fp, read)) {
data/acedb-4.9.39+dfsg.02/wstaden/st_translate.c:41:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Read *read;
data/acedb-4.9.39+dfsg.02/wstaden/st_translate.c:47:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (NULLRead == read)
data/acedb-4.9.39+dfsg.02/wstaden/st_translate.c:100:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read_deallocate(read);
data/acedb-4.9.39+dfsg.02/wstaden/st_translate.c:113:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read;
data/acedb-4.9.39+dfsg.02/wstaden/st_translate.c:124:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Scf *read2scf(Read *read) {
data/acedb-4.9.39+dfsg.02/wstaden/st_translate.c:172:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
scf->header.comments_size = strlen(read->info) + 1;
data/acedb-4.9.39+dfsg.02/wstaden/st_translate.c:209:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Exp_info *read2exp(Read *read, char *EN) {
data/acedb-4.9.39+dfsg.02/wstaden/st_translate.c:212:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int l = strlen(EN)+1;
data/acedb-4.9.39+dfsg.02/wstaden/st_translate.c:256:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
extend(e, EFLT_LN, strlen(cp)+1);
data/acedb-4.9.39+dfsg.02/wstaden/st_translate.c:261:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
extend(e, EFLT_LT, strlen(t)+1);
data/acedb-4.9.39+dfsg.02/wstaden/st_translate.c:281:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(exp_get_entry(e, EFLT_SQ), read->base, read->NBases);
data/acedb-4.9.39+dfsg.02/wstaden/st_translate.c:394:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int slen = strlen(str);
data/acedb-4.9.39+dfsg.02/wstaden/stadentranslate.h:40:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Scf *read2scf(Read *read);
data/acedb-4.9.39+dfsg.02/wstaden/stadentranslate.h:50:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Exp_info *read2exp(Read *read, char *EN);
data/acedb-4.9.39+dfsg.02/wstaden/stadentranslate.h:79:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void read_update_opos(Read *read, int_2 *opos, int slen, uint_2 *basePos,
data/acedb-4.9.39+dfsg.02/wstaden/traceType.c:98:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(magics[i].string);
data/acedb-4.9.39+dfsg.02/wstaden/traceType.c:111:13: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ( ( c = fgetc(fp) ) == EOF ) break;
data/acedb-4.9.39+dfsg.02/wtools/split.c:30:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (name, argv[1], 100) ;
data/acedb-4.9.39+dfsg.02/wtools/split.c:31:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp = name + strlen(name) ;
data/acedb-4.9.39+dfsg.02/wtools/split.c:41:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((i = strlen(buf)) > 9990)
data/acedb-4.9.39+dfsg.02/wzmap/stringbucket.c:71:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
c = halloc(sizeof(struct sbucketchain) + strlen(string) + 1, b->handle);
data/acedb-4.9.39+dfsg.02/wzmap/zmapcalls.c:68:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *keyspec = messalloc(strlen(className(key)) + strlen(name(key)) + 2);
data/acedb-4.9.39+dfsg.02/wzmap/zmapcalls.c:68:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *keyspec = messalloc(strlen(className(key)) + strlen(name(key)) + 2);
data/acedb-4.9.39+dfsg.02/wzmap/zmapcalls.c:69:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *fromspec = messalloc(strlen(className(from)) + strlen(name(from)) + 2);
data/acedb-4.9.39+dfsg.02/wzmap/zmapcalls.c:69:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *fromspec = messalloc(strlen(className(from)) + strlen(name(from)) + 2);
data/acedb-4.9.39+dfsg.02/wzmap/zmapcalls.c:264:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
methodName = messalloc(strlen(name(methodKey))); /* need to remember to free this? */
data/acedb-4.9.39+dfsg.02/wzmap/zmapcontrol.c:817:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (width < strlen (cp))
data/acedb-4.9.39+dfsg.02/wzmap/zmapcontrol.c:818:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
width = strlen (cp) ;
ANALYSIS SUMMARY:
Hits = 4359
Lines analyzed = 369414 in approximately 10.49 seconds (35205 lines/second)
Physical Source Lines of Code (SLOC) = 259695
Hits@level = [0] 2175 [1] 1730 [2] 1494 [3] 161 [4] 971 [5] 3
Hits@level+ = [0+] 6534 [1+] 4359 [2+] 2629 [3+] 1135 [4+] 974 [5+] 3
Hits/KSLOC@level+ = [0+] 25.1603 [1+] 16.7851 [2+] 10.1234 [3+] 4.37051 [4+] 3.75055 [5+] 0.011552
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.