Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/astrometry.net-0.80+dfsg/sdss/cutils_wrap.c
Examining data/astrometry.net-0.80+dfsg/blind/test_blindutils.c
Examining data/astrometry.net-0.80+dfsg/blind/agreeable.c
Examining data/astrometry.net-0.80+dfsg/blind/test_codefile.c
Examining data/astrometry.net-0.80+dfsg/blind/uniformize-catalog-main.c
Examining data/astrometry.net-0.80+dfsg/blind/quadidx.c
Examining data/astrometry.net-0.80+dfsg/blind/hpquads.c
Examining data/astrometry.net-0.80+dfsg/blind/cut-table.h
Examining data/astrometry.net-0.80+dfsg/blind/image2xy-main.c
Examining data/astrometry.net-0.80+dfsg/blind/plotindex.c
Examining data/astrometry.net-0.80+dfsg/blind/plotgrid.c
Examining data/astrometry.net-0.80+dfsg/blind/plothealpix.c
Examining data/astrometry.net-0.80+dfsg/blind/keirthing.c
Examining data/astrometry.net-0.80+dfsg/blind/demo_dsmooth.c
Examining data/astrometry.net-0.80+dfsg/blind/fvrf_key.c
Examining data/astrometry.net-0.80+dfsg/blind/imarith.c
Examining data/astrometry.net-0.80+dfsg/blind/catalog_analysis.c
Examining data/astrometry.net-0.80+dfsg/blind/noise.h
Examining data/astrometry.net-0.80+dfsg/blind/codetree.c
Examining data/astrometry.net-0.80+dfsg/blind/augment-xylist-main.c
Examining data/astrometry.net-0.80+dfsg/blind/new-wcs-main.c
Examining data/astrometry.net-0.80+dfsg/blind/engine-main.c
Examining data/astrometry.net-0.80+dfsg/blind/new-wcs.c
Examining data/astrometry.net-0.80+dfsg/blind/pnpoly.c
Examining data/astrometry.net-0.80+dfsg/blind/codefile.c
Examining data/astrometry.net-0.80+dfsg/blind/tweak2.c
Examining data/astrometry.net-0.80+dfsg/blind/hpquads-main.c
Examining data/astrometry.net-0.80+dfsg/blind/codetree-main.c
Examining data/astrometry.net-0.80+dfsg/blind/diffractionFlag_check.c
Examining data/astrometry.net-0.80+dfsg/blind/imstat.c
Examining data/astrometry.net-0.80+dfsg/blind/index-to-table.c
Examining data/astrometry.net-0.80+dfsg/blind/allquads.c
Examining data/astrometry.net-0.80+dfsg/blind/lsfile.h
Examining data/astrometry.net-0.80+dfsg/blind/startree2rdls.c
Examining data/astrometry.net-0.80+dfsg/blind/fits-guess-scale.c
Examining data/astrometry.net-0.80+dfsg/blind/quadcenters.c
Examining data/astrometry.net-0.80+dfsg/blind/unpermute-quads-main.c
Examining data/astrometry.net-0.80+dfsg/blind/plotxy.c
Examining data/astrometry.net-0.80+dfsg/blind/onepixel.c
Examining data/astrometry.net-0.80+dfsg/blind/solvedfile.c
Examining data/astrometry.net-0.80+dfsg/blind/test_resort-xylist.c
Examining data/astrometry.net-0.80+dfsg/blind/index-info.c
Examining data/astrometry.net-0.80+dfsg/blind/liststruc.c
Examining data/astrometry.net-0.80+dfsg/blind/build-index-main.c
Examining data/astrometry.net-0.80+dfsg/blind/codeprojections.c
Examining data/astrometry.net-0.80+dfsg/blind/fitscopy.c
Examining data/astrometry.net-0.80+dfsg/blind/verify2.c
Examining data/astrometry.net-0.80+dfsg/blind/get-wcs.c
Examining data/astrometry.net-0.80+dfsg/blind/plotcoadd.h
Examining data/astrometry.net-0.80+dfsg/blind/query-starkd.c
Examining data/astrometry.net-0.80+dfsg/blind/bgsubtract.c
Examining data/astrometry.net-0.80+dfsg/blind/dstnthing.c
Examining data/astrometry.net-0.80+dfsg/blind/plotquad.c
Examining data/astrometry.net-0.80+dfsg/blind/plotxxx.h
Examining data/astrometry.net-0.80+dfsg/blind/plot-constellations.c
Examining data/astrometry.net-0.80+dfsg/blind/subwcs.c
Examining data/astrometry.net-0.80+dfsg/blind/matchobj.c
Examining data/astrometry.net-0.80+dfsg/blind/tweak-main.c
Examining data/astrometry.net-0.80+dfsg/blind/pquad.h
Examining data/astrometry.net-0.80+dfsg/blind/tweak.c
Examining data/astrometry.net-0.80+dfsg/blind/test_xscale.c
Examining data/astrometry.net-0.80+dfsg/blind/rdlstohealpix.c
Examining data/astrometry.net-0.80+dfsg/blind/index-stats.c
Examining data/astrometry.net-0.80+dfsg/blind/mergesolved.c
Examining data/astrometry.net-0.80+dfsg/blind/verify.c
Examining data/astrometry.net-0.80+dfsg/blind/add-text.c
Examining data/astrometry.net-0.80+dfsg/blind/test-solver-2.c
Examining data/astrometry.net-0.80+dfsg/blind/control-program.c
Examining data/astrometry.net-0.80+dfsg/blind/fits-guess-scale-main.c
Examining data/astrometry.net-0.80+dfsg/blind/listhead.c
Examining data/astrometry.net-0.80+dfsg/blind/plotfill.c
Examining data/astrometry.net-0.80+dfsg/blind/blind.c
Examining data/astrometry.net-0.80+dfsg/blind/ftverify.c
Examining data/astrometry.net-0.80+dfsg/blind/startree.c
Examining data/astrometry.net-0.80+dfsg/blind/unpermute-stars-main.c
Examining data/astrometry.net-0.80+dfsg/blind/test_tweak.c
Examining data/astrometry.net-0.80+dfsg/blind/quad-builder.c
Examining data/astrometry.net-0.80+dfsg/blind/resort-xylist-main.c
Examining data/astrometry.net-0.80+dfsg/blind/plotxy-main.c
Examining data/astrometry.net-0.80+dfsg/blind/spike_join.c
Examining data/astrometry.net-0.80+dfsg/blind/fverify.h
Examining data/astrometry.net-0.80+dfsg/blind/imcopy.c
Examining data/astrometry.net-0.80+dfsg/blind/quadscales.c
Examining data/astrometry.net-0.80+dfsg/blind/pnpoly.h
Examining data/astrometry.net-0.80+dfsg/blind/test_plotstuff.c
Examining data/astrometry.net-0.80+dfsg/blind/test_multiindex2.c
Examining data/astrometry.net-0.80+dfsg/blind/randcat.c
Examining data/astrometry.net-0.80+dfsg/blind/hpowned.c
Examining data/astrometry.net-0.80+dfsg/blind/plotradec.c
Examining data/astrometry.net-0.80+dfsg/blind/engine.c
Examining data/astrometry.net-0.80+dfsg/blind/cut-table.c
Examining data/astrometry.net-0.80+dfsg/blind/wcs-grab.c
Examining data/astrometry.net-0.80+dfsg/blind/test_matchfile.c
Examining data/astrometry.net-0.80+dfsg/blind/merge-index.c
Examining data/astrometry.net-0.80+dfsg/blind/unpermute-quads.c
Examining data/astrometry.net-0.80+dfsg/blind/fvrf_head.c
Examining data/astrometry.net-0.80+dfsg/blind/printsolved.c
Examining data/astrometry.net-0.80+dfsg/blind/local-index.c
Examining data/astrometry.net-0.80+dfsg/blind/plotmatch.c
Examining data/astrometry.net-0.80+dfsg/blind/verify-paths.c
Examining data/astrometry.net-0.80+dfsg/blind/fitsverify.c
Examining data/astrometry.net-0.80+dfsg/blind/plotstuff-main.c
Examining data/astrometry.net-0.80+dfsg/blind/rdls2hpls.c
Examining data/astrometry.net-0.80+dfsg/blind/quad-utils.c
Examining data/astrometry.net-0.80+dfsg/blind/modhead.c
Examining data/astrometry.net-0.80+dfsg/blind/create-scamp-catalog.c
Examining data/astrometry.net-0.80+dfsg/blind/blindutils.c
Examining data/astrometry.net-0.80+dfsg/blind/verify-main.c
Examining data/astrometry.net-0.80+dfsg/blind/lsfile.c
Examining data/astrometry.net-0.80+dfsg/blind/merge-index-main.c
Examining data/astrometry.net-0.80+dfsg/blind/hpgrid.c
Examining data/astrometry.net-0.80+dfsg/blind/test_predistort.c
Examining data/astrometry.net-0.80+dfsg/blind/startree-main.c
Examining data/astrometry.net-0.80+dfsg/blind/setsolved.c
Examining data/astrometry.net-0.80+dfsg/blind/solve-field.c
Examining data/astrometry.net-0.80+dfsg/blind/fvrf_file.c
Examining data/astrometry.net-0.80+dfsg/blind/an_mm_malloc.h
Examining data/astrometry.net-0.80+dfsg/blind/build-index.c
Examining data/astrometry.net-0.80+dfsg/blind/certifiable.c
Examining data/astrometry.net-0.80+dfsg/blind/test-solver.c
Examining data/astrometry.net-0.80+dfsg/blind/plotstuff.c
Examining data/astrometry.net-0.80+dfsg/blind/tablist.c
Examining data/astrometry.net-0.80+dfsg/blind/solver.c
Examining data/astrometry.net-0.80+dfsg/blind/plotxxx.c
Examining data/astrometry.net-0.80+dfsg/blind/plotannotations.c
Examining data/astrometry.net-0.80+dfsg/blind/fvrf_misc.c
Examining data/astrometry.net-0.80+dfsg/blind/fvrf_data.c
Examining data/astrometry.net-0.80+dfsg/blind/threadtest.c
Examining data/astrometry.net-0.80+dfsg/blind/plotcoadd.c
Examining data/astrometry.net-0.80+dfsg/blind/verify2.h
Examining data/astrometry.net-0.80+dfsg/blind/matchfile.c
Examining data/astrometry.net-0.80+dfsg/blind/tabmerge.c
Examining data/astrometry.net-0.80+dfsg/blind/plotstuff_wrap.c
Examining data/astrometry.net-0.80+dfsg/blind/resort-xylist.c
Examining data/astrometry.net-0.80+dfsg/blind/image2xy-files.c
Examining data/astrometry.net-0.80+dfsg/blind/catalog.c
Examining data/astrometry.net-0.80+dfsg/blind/plotimage.c
Examining data/astrometry.net-0.80+dfsg/blind/checkquads.c
Examining data/astrometry.net-0.80+dfsg/blind/unpermute-stars.c
Examining data/astrometry.net-0.80+dfsg/blind/uniformize-catalog.c
Examining data/astrometry.net-0.80+dfsg/blind/plot-xy-and-quad.c
Examining data/astrometry.net-0.80+dfsg/blind/startree.h
Examining data/astrometry.net-0.80+dfsg/blind/whynot.c
Examining data/astrometry.net-0.80+dfsg/blind/quadsperstar.c
Examining data/astrometry.net-0.80+dfsg/blind/allquads-main.c
Examining data/astrometry.net-0.80+dfsg/blind/plotoutline.c
Examining data/astrometry.net-0.80+dfsg/blind/augment-xylist.c
Examining data/astrometry.net-0.80+dfsg/util/sparsematrix.h
Examining data/astrometry.net-0.80+dfsg/util/bl.c
Examining data/astrometry.net-0.80+dfsg/util/log.c
Examining data/astrometry.net-0.80+dfsg/util/index_pyutils.c
Examining data/astrometry.net-0.80+dfsg/util/dfind2.c
Examining data/astrometry.net-0.80+dfsg/util/dfind.c
Examining data/astrometry.net-0.80+dfsg/util/image2xy.c
Examining data/astrometry.net-0.80+dfsg/util/wcs-resample.h
Examining data/astrometry.net-0.80+dfsg/util/jpl.c
Examining data/astrometry.net-0.80+dfsg/util/pad-file.c
Examining data/astrometry.net-0.80+dfsg/util/histogram.c
Examining data/astrometry.net-0.80+dfsg/util/wcsinfo.c
Examining data/astrometry.net-0.80+dfsg/util/bt.c
Examining data/astrometry.net-0.80+dfsg/util/test_log.c
Examining data/astrometry.net-0.80+dfsg/util/wcs-xy2rd.c
Examining data/astrometry.net-0.80+dfsg/util/starxy.c
Examining data/astrometry.net-0.80+dfsg/util/util_wrap.c
Examining data/astrometry.net-0.80+dfsg/util/test_ioutils.c
Examining data/astrometry.net-0.80+dfsg/util/test_xylist.c
Examining data/astrometry.net-0.80+dfsg/util/search-index.c
Examining data/astrometry.net-0.80+dfsg/util/convolve-image.c
Examining data/astrometry.net-0.80+dfsg/util/permutedsort.c
Examining data/astrometry.net-0.80+dfsg/util/cutest.c
Examining data/astrometry.net-0.80+dfsg/util/os-features-test.c
Examining data/astrometry.net-0.80+dfsg/util/test_jpl.c
Examining data/astrometry.net-0.80+dfsg/util/tic.c
Examining data/astrometry.net-0.80+dfsg/util/test_dfind.c
Examining data/astrometry.net-0.80+dfsg/util/healpix-utils.c
Examining data/astrometry.net-0.80+dfsg/util/mathutil.c
Examining data/astrometry.net-0.80+dfsg/util/multiindex.c
Examining data/astrometry.net-0.80+dfsg/util/test_dsmooth.c
Examining data/astrometry.net-0.80+dfsg/util/eigen-math-cc.cc
Examining data/astrometry.net-0.80+dfsg/util/dselip.c
Examining data/astrometry.net-0.80+dfsg/util/coadd.c
Examining data/astrometry.net-0.80+dfsg/util/coadd-main.c
Examining data/astrometry.net-0.80+dfsg/util/test_rdlist.c
Examining data/astrometry.net-0.80+dfsg/util/fits-flip-endian.c
Examining data/astrometry.net-0.80+dfsg/util/fits-column-merge.c
Examining data/astrometry.net-0.80+dfsg/util/test_simplexy.c
Examining data/astrometry.net-0.80+dfsg/util/indexset.c
Examining data/astrometry.net-0.80+dfsg/util/fit-wcs-main.c
Examining data/astrometry.net-0.80+dfsg/util/test_endian.c
Examining data/astrometry.net-0.80+dfsg/util/an-opts.c
Examining data/astrometry.net-0.80+dfsg/util/subtable.c
Examining data/astrometry.net-0.80+dfsg/util/gslutils.c
Examining data/astrometry.net-0.80+dfsg/util/md5.h
Examining data/astrometry.net-0.80+dfsg/util/histogram2d.c
Examining data/astrometry.net-0.80+dfsg/util/test_quadfile.c
Examining data/astrometry.net-0.80+dfsg/util/test_scamp_catalog.c
Examining data/astrometry.net-0.80+dfsg/util/healpix.c
Examining data/astrometry.net-0.80+dfsg/util/wcs-pv2sip-main.c
Examining data/astrometry.net-0.80+dfsg/util/test_anwcs.c
Examining data/astrometry.net-0.80+dfsg/util/fitsioutils.c
Examining data/astrometry.net-0.80+dfsg/util/codekd.c
Examining data/astrometry.net-0.80+dfsg/util/an-fitstopnm.c
Examining data/astrometry.net-0.80+dfsg/util/fitsgetext.c
Examining data/astrometry.net-0.80+dfsg/util/test_convolve_image.c
Examining data/astrometry.net-0.80+dfsg/util/simplexy.c
Examining data/astrometry.net-0.80+dfsg/util/dmedsmooth.c
Examining data/astrometry.net-0.80+dfsg/util/anwcs.c
Examining data/astrometry.net-0.80+dfsg/util/dpeaks.c
Examining data/astrometry.net-0.80+dfsg/util/quadfile.c
Examining data/astrometry.net-0.80+dfsg/util/test_errors.c
Examining data/astrometry.net-0.80+dfsg/util/test_dcen3x3.c
Examining data/astrometry.net-0.80+dfsg/util/tabsort-main.c
Examining data/astrometry.net-0.80+dfsg/util/fit-wcs.c
Examining data/astrometry.net-0.80+dfsg/util/datalog.c
Examining data/astrometry.net-0.80+dfsg/util/tpv.c
Examining data/astrometry.net-0.80+dfsg/util/fitsbin.c
Examining data/astrometry.net-0.80+dfsg/util/jpl.h
Examining data/astrometry.net-0.80+dfsg/util/get-healpix.c
Examining data/astrometry.net-0.80+dfsg/util/wcs-resample.c
Examining data/astrometry.net-0.80+dfsg/util/wcs-resample-main.c
Examining data/astrometry.net-0.80+dfsg/util/test_ctmf.c
Examining data/astrometry.net-0.80+dfsg/util/resample-main.c
Examining data/astrometry.net-0.80+dfsg/util/bl-nl-sort.c
Examining data/astrometry.net-0.80+dfsg/util/sip-utils.c
Examining data/astrometry.net-0.80+dfsg/util/test_bl.c
Examining data/astrometry.net-0.80+dfsg/util/fitsfile.c
Examining data/astrometry.net-0.80+dfsg/util/resample.c
Examining data/astrometry.net-0.80+dfsg/util/tabsort.c
Examining data/astrometry.net-0.80+dfsg/util/test_svd.c
Examining data/astrometry.net-0.80+dfsg/util/eigen-math-c.c
Examining data/astrometry.net-0.80+dfsg/util/index.c
Examining data/astrometry.net-0.80+dfsg/util/an-endian.c
Examining data/astrometry.net-0.80+dfsg/util/test_starutil.c
Examining data/astrometry.net-0.80+dfsg/util/sparsematrix.c
Examining data/astrometry.net-0.80+dfsg/util/scamp-catalog.c
Examining data/astrometry.net-0.80+dfsg/util/starkd.c
Examining data/astrometry.net-0.80+dfsg/util/test_bt.c
Examining data/astrometry.net-0.80+dfsg/util/dallpeaks.c
Examining data/astrometry.net-0.80+dfsg/util/ioutils.c
Examining data/astrometry.net-0.80+dfsg/util/hpsplit.c
Examining data/astrometry.net-0.80+dfsg/util/test_fit_wcs.c
Examining data/astrometry.net-0.80+dfsg/util/test_fitstable.c
Examining data/astrometry.net-0.80+dfsg/util/test_big_tables.c
Examining data/astrometry.net-0.80+dfsg/util/cutest.h
Examining data/astrometry.net-0.80+dfsg/util/dobjects.c
Examining data/astrometry.net-0.80+dfsg/util/fileutils.c
Examining data/astrometry.net-0.80+dfsg/util/xylist.c
Examining data/astrometry.net-0.80+dfsg/util/starutil.c
Examining data/astrometry.net-0.80+dfsg/util/histogram.h
Examining data/astrometry.net-0.80+dfsg/util/test_fitsioutils.c
Examining data/astrometry.net-0.80+dfsg/util/sip_qfits.c
Examining data/astrometry.net-0.80+dfsg/util/ctmf.c
Examining data/astrometry.net-0.80+dfsg/util/rdlist.c
Examining data/astrometry.net-0.80+dfsg/util/test_sip-utils.c
Examining data/astrometry.net-0.80+dfsg/util/wcs-rd2xy.c
Examining data/astrometry.net-0.80+dfsg/util/dsmooth.c
Examining data/astrometry.net-0.80+dfsg/util/boilerplate.h
Examining data/astrometry.net-0.80+dfsg/util/scamp.c
Examining data/astrometry.net-0.80+dfsg/util/md5.c
Examining data/astrometry.net-0.80+dfsg/util/os-features.c
Examining data/astrometry.net-0.80+dfsg/util/wcs-to-tan.c
Examining data/astrometry.net-0.80+dfsg/util/histogram2d.h
Examining data/astrometry.net-0.80+dfsg/util/test_qsort_r.c
Examining data/astrometry.net-0.80+dfsg/util/bl-nl.c
Examining data/astrometry.net-0.80+dfsg/util/wcs-xy2rd-main.c
Examining data/astrometry.net-0.80+dfsg/util/bl-sort.c
Examining data/astrometry.net-0.80+dfsg/util/cairoutils.c
Examining data/astrometry.net-0.80+dfsg/util/an-pnmtofits.c
Examining data/astrometry.net-0.80+dfsg/util/test_healpix.c
Examining data/astrometry.net-0.80+dfsg/util/fitstable.c
Examining data/astrometry.net-0.80+dfsg/util/qidxfile.c
Examining data/astrometry.net-0.80+dfsg/util/test_wcs.c
Examining data/astrometry.net-0.80+dfsg/util/qsort_reentrant.c
Examining data/astrometry.net-0.80+dfsg/util/downsample-fits.c
Examining data/astrometry.net-0.80+dfsg/util/cfitsutils.h
Examining data/astrometry.net-0.80+dfsg/util/intmap.c
Examining data/astrometry.net-0.80+dfsg/util/dcen3x3.c
Examining data/astrometry.net-0.80+dfsg/util/test_multiindex.c
Examining data/astrometry.net-0.80+dfsg/util/wcs-pv2sip.c
Examining data/astrometry.net-0.80+dfsg/util/sip.c
Examining data/astrometry.net-0.80+dfsg/util/errors.c
Examining data/astrometry.net-0.80+dfsg/util/wcs-match.c
Examining data/astrometry.net-0.80+dfsg/util/wcs-rd2xy-main.c
Examining data/astrometry.net-0.80+dfsg/util/test_fitsbin.c
Examining data/astrometry.net-0.80+dfsg/util/dsigma.c
Examining data/astrometry.net-0.80+dfsg/include/astrometry/plotmatch.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/index.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/resample.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/tabsort.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/fitsfile.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/an-endian.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/unpermute-quads.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/merge-index.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/plotradec.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/sip-utils.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/engine.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/axyfile.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/qfits_float.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/an-thread-pthreads.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/qfits_rw.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/nomad-fits.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/starutil.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/xylist.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/kdtree.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/sip_qfits.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/brightstars.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/fileutils.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/blindutils.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/ioutils.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/dualtree.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/quad-utils.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/qfits_error.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/starkd.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/scamp-catalog.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/matchfile.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/plotannotations.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/bl-nl.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/solver.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/cairoutils.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/bl-sort.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/hd.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/plotstuff.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/build-index.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/os-features.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/wcs-rd2xy.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/ctmf.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/rdlist.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/scamp.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/errors.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/sip.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/constellations.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/plotoutline.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/intmap.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/dualtree_rangesearch.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/qfits_memory.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/wcs-pv2sip.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/2mass.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/uniformize-catalog.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/plotimage.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/catalog.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/image2xy-files.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/unpermute-stars.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/fitstable.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/qfits_md5.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/qidxfile.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/resort-xylist.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/new-wcs.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/constellation-boundaries.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/codetree.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/qfits_table.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/eigen-math.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/qfits_convert.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/qfits_time.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/kdtree_fits_io.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/hpquads.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/image2xy.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/plothealpix.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/plotgrid.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/plotindex.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/qfits_tools.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/log.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/bl.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/qfits_byteswap.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/tic.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/augment-xylist.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/nomad.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/qfits_card.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/convolve-image.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/dualtree_nearestneighbour.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/fits-guess-scale.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/ucac4.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/solvedfile.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/permutedsort.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/plotxy.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/2mass-fits.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/wcs-xy2rd.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/bt.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/allquads.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/starxy.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/tweak2.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/codefile.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/an-bool.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/qfits_keywords.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/tweak.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/usnob-fits.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/matchobj.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/healpix.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/gslutils.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/an-opts.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/usnob.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/openngc.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/keywords.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/indexset.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/dimage.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/multiindex.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/anqfits.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/tycho2.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/healpix-utils.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/mathutil.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/qfits_std.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/coadd.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/qfits_image.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/an-thread.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/fitsbin.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/qfits_config.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/tpv.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/quadfile.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/fit-wcs.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/datalog.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/anwcs.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/plotfill.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/blind.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/simplexy.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/simplexy-common.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/quad-builder.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/tycho2-fits.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/ucac3.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/verify.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/qfits_header.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/fitsioutils.h
Examining data/astrometry.net-0.80+dfsg/include/astrometry/codekd.h
Examining data/astrometry.net-0.80+dfsg/qfits-an/qfits_tools.c
Examining data/astrometry.net-0.80+dfsg/qfits-an/qfits_byteswap.c
Examining data/astrometry.net-0.80+dfsg/qfits-an/qfits_time.c
Examining data/astrometry.net-0.80+dfsg/qfits-an/qfits_convert.c
Examining data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c
Examining data/astrometry.net-0.80+dfsg/qfits-an/test/pixset.h
Examining data/astrometry.net-0.80+dfsg/qfits-an/test/test_pixio.c
Examining data/astrometry.net-0.80+dfsg/qfits-an/test/test_tfits.c
Examining data/astrometry.net-0.80+dfsg/qfits-an/test/test_xmem_stress.c
Examining data/astrometry.net-0.80+dfsg/qfits-an/test/test_xmem.c
Examining data/astrometry.net-0.80+dfsg/qfits-an/test/test_qfits.c
Examining data/astrometry.net-0.80+dfsg/qfits-an/qfits_card.c
Examining data/astrometry.net-0.80+dfsg/qfits-an/anqfits.c
Examining data/astrometry.net-0.80+dfsg/qfits-an/qfits_image.c
Examining data/astrometry.net-0.80+dfsg/qfits-an/md5.h
Examining data/astrometry.net-0.80+dfsg/qfits-an/qfits_header.c
Examining data/astrometry.net-0.80+dfsg/qfits-an/qfits_float.c
Examining data/astrometry.net-0.80+dfsg/qfits-an/qfits_rw.c
Examining data/astrometry.net-0.80+dfsg/qfits-an/qfits_error.c
Examining data/astrometry.net-0.80+dfsg/qfits-an/md5.c
Examining data/astrometry.net-0.80+dfsg/qfits-an/qfits_md5.c
Examining data/astrometry.net-0.80+dfsg/qfits-an/qfits_memory.c
Examining data/astrometry.net-0.80+dfsg/libkd/kdtree_fits_io.c
Examining data/astrometry.net-0.80+dfsg/libkd/test-quickselect.c
Examining data/astrometry.net-0.80+dfsg/libkd/kdint_etype_f.h
Examining data/astrometry.net-0.80+dfsg/libkd/test_libkd_common.c
Examining data/astrometry.net-0.80+dfsg/libkd/kdtree_internal.h
Examining data/astrometry.net-0.80+dfsg/libkd/checktree.c
Examining data/astrometry.net-0.80+dfsg/libkd/kdint_ttype_u.h
Examining data/astrometry.net-0.80+dfsg/libkd/kdint_dss.c
Examining data/astrometry.net-0.80+dfsg/libkd/dualtree_nearestneighbour.c
Examining data/astrometry.net-0.80+dfsg/libkd/kdint_dtype_f.h
Examining data/astrometry.net-0.80+dfsg/libkd/kdint_dtype_s.h
Examining data/astrometry.net-0.80+dfsg/libkd/kdint_dds.c
Examining data/astrometry.net-0.80+dfsg/libkd/qptst.c
Examining data/astrometry.net-0.80+dfsg/libkd/kdint_ttype_d.h
Examining data/astrometry.net-0.80+dfsg/libkd/kdtree_internal_dualtree.c
Examining data/astrometry.net-0.80+dfsg/libkd/kdtree_mem.h
Examining data/astrometry.net-0.80+dfsg/libkd/test_libkd_io.c
Examining data/astrometry.net-0.80+dfsg/libkd/kdint_etype_s.h
Examining data/astrometry.net-0.80+dfsg/libkd/kdint_duu.c
Examining data/astrometry.net-0.80+dfsg/libkd/kdint_etype_d.h
Examining data/astrometry.net-0.80+dfsg/libkd/pyspherematch.c
Examining data/astrometry.net-0.80+dfsg/libkd/kdtree_internal.c
Examining data/astrometry.net-0.80+dfsg/libkd/dualtree.c
Examining data/astrometry.net-0.80+dfsg/libkd/kdint_dtype_d.h
Examining data/astrometry.net-0.80+dfsg/libkd/kdtree_internal_fits.c
Examining data/astrometry.net-0.80+dfsg/libkd/kdint_ddd.c
Examining data/astrometry.net-0.80+dfsg/libkd/test_dualtree_nn.c
Examining data/astrometry.net-0.80+dfsg/libkd/kdtree_dim.c
Examining data/astrometry.net-0.80+dfsg/libkd/kdint_ttype_s.h
Examining data/astrometry.net-0.80+dfsg/libkd/kdtree.c
Examining data/astrometry.net-0.80+dfsg/libkd/kdint_ttype_f.h
Examining data/astrometry.net-0.80+dfsg/libkd/demo.c
Examining data/astrometry.net-0.80+dfsg/libkd/kdint_dtype_u.h
Examining data/astrometry.net-0.80+dfsg/libkd/kdint_ddu.c
Examining data/astrometry.net-0.80+dfsg/libkd/kdtree_internal_common.h
Examining data/astrometry.net-0.80+dfsg/libkd/test_libkd.c
Examining data/astrometry.net-0.80+dfsg/libkd/kdint_etype_u.h
Examining data/astrometry.net-0.80+dfsg/libkd/kdtree_internal_dists.c
Examining data/astrometry.net-0.80+dfsg/libkd/an-fls.h
Examining data/astrometry.net-0.80+dfsg/libkd/dualtree_rangesearch.c
Examining data/astrometry.net-0.80+dfsg/libkd/kdint_fff.c
Examining data/astrometry.net-0.80+dfsg/libkd/kdtree_mem.c
Examining data/astrometry.net-0.80+dfsg/libkd/fix-bb.c
Examining data/astrometry.net-0.80+dfsg/catalogs/stellarium-constellations.c
Examining data/astrometry.net-0.80+dfsg/catalogs/ucac3tofits.c
Examining data/astrometry.net-0.80+dfsg/catalogs/test_boundaries.c
Examining data/astrometry.net-0.80+dfsg/catalogs/test_nomad.c
Examining data/astrometry.net-0.80+dfsg/catalogs/constellation-boundaries.c
Examining data/astrometry.net-0.80+dfsg/catalogs/usnobtofits.c
Examining data/astrometry.net-0.80+dfsg/catalogs/ucac3-fits.c
Examining data/astrometry.net-0.80+dfsg/catalogs/tycho2tostellarium.c
Examining data/astrometry.net-0.80+dfsg/catalogs/constellation-boundaries-data.c
Examining data/astrometry.net-0.80+dfsg/catalogs/2mass-fits.c
Examining data/astrometry.net-0.80+dfsg/catalogs/ucac4.c
Examining data/astrometry.net-0.80+dfsg/catalogs/nomad.c
Examining data/astrometry.net-0.80+dfsg/catalogs/tycho2.c
Examining data/astrometry.net-0.80+dfsg/catalogs/test_hd.c
Examining data/astrometry.net-0.80+dfsg/catalogs/tycho2tofits.c
Examining data/astrometry.net-0.80+dfsg/catalogs/nomadtofits.c
Examining data/astrometry.net-0.80+dfsg/catalogs/brightstars-data.c
Examining data/astrometry.net-0.80+dfsg/catalogs/openngc.c
Examining data/astrometry.net-0.80+dfsg/catalogs/usnob.c
Examining data/astrometry.net-0.80+dfsg/catalogs/usnob-fits.c
Examining data/astrometry.net-0.80+dfsg/catalogs/test_usnob.c
Examining data/astrometry.net-0.80+dfsg/catalogs/grab-stellarium-constellations.c
Examining data/astrometry.net-0.80+dfsg/catalogs/usnob-scamp-catalog.c
Examining data/astrometry.net-0.80+dfsg/catalogs/ucac3.c
Examining data/astrometry.net-0.80+dfsg/catalogs/read_nomad.c
Examining data/astrometry.net-0.80+dfsg/catalogs/tycho2-fits.c
Examining data/astrometry.net-0.80+dfsg/catalogs/ucac4-fits.h
Examining data/astrometry.net-0.80+dfsg/catalogs/ucac4tofits.c
Examining data/astrometry.net-0.80+dfsg/catalogs/ucac3-fits.h
Examining data/astrometry.net-0.80+dfsg/catalogs/brightstars.c
Examining data/astrometry.net-0.80+dfsg/catalogs/nomad-fits.c
Examining data/astrometry.net-0.80+dfsg/catalogs/test_2mass.c
Examining data/astrometry.net-0.80+dfsg/catalogs/test_tycho2.c
Examining data/astrometry.net-0.80+dfsg/catalogs/hd.c
Examining data/astrometry.net-0.80+dfsg/catalogs/ucac4-fits.c
Examining data/astrometry.net-0.80+dfsg/catalogs/build-hd-tree.c
Examining data/astrometry.net-0.80+dfsg/catalogs/2masstofits.c
Examining data/astrometry.net-0.80+dfsg/catalogs/2mass.c
Examining data/astrometry.net-0.80+dfsg/catalogs/constellations.c
FINAL RESULTS:
data/astrometry.net-0.80+dfsg/blind/agreeable.c:381:13: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(fn, solvedfile, fieldfile);
data/astrometry.net-0.80+dfsg/blind/augment-xylist.c:626:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(key, "%sSAO", prefix);
data/astrometry.net-0.80+dfsg/blind/augment-xylist.c:633:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(key, "%sA%i%i", prefix, m, n);
data/astrometry.net-0.80+dfsg/blind/augment-xylist.c:635:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(key, "%sB%i%i", prefix, m, n);
data/astrometry.net-0.80+dfsg/blind/augment-xylist.c:642:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(key, "%sSAPO", prefix);
data/astrometry.net-0.80+dfsg/blind/augment-xylist.c:648:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(key, "%sAP%i%i", prefix, m, n);
data/astrometry.net-0.80+dfsg/blind/augment-xylist.c:650:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(key, "%sBP%i%i", prefix, m, n);
data/astrometry.net-0.80+dfsg/blind/augment-xylist.c:1382:17: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(key, keys[j], I);
data/astrometry.net-0.80+dfsg/blind/blind.c:1265:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(wcs_fn, sizeof(wcs_fn), bp->wcs_template, mo->fieldnum);
data/astrometry.net-0.80+dfsg/blind/certifiable.c:173:13: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(fn, rdlsfname, fileid);
data/astrometry.net-0.80+dfsg/blind/checkquads.c:41:13: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, HelpString);
data/astrometry.net-0.80+dfsg/blind/checkquads.c:50:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, HelpString);
data/astrometry.net-0.80+dfsg/blind/demo_dsmooth.c:120:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(fullpath, namelist[n]->d_name);
data/astrometry.net-0.80+dfsg/blind/demo_dsmooth.c:123:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(outpath_old, namelist[n]->d_name);
data/astrometry.net-0.80+dfsg/blind/demo_dsmooth.c:129:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(outpath_new, namelist[n]->d_name);
data/astrometry.net-0.80+dfsg/blind/diffractionFlag_check.c:53:9: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(fname, fn, fnum1, fnum1,fnum);
data/astrometry.net-0.80+dfsg/blind/engine.c:620:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(key, "%sSAO", prefix);
data/astrometry.net-0.80+dfsg/blind/engine.c:631:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(key, "%sA%i%i", prefix, i, j);
data/astrometry.net-0.80+dfsg/blind/engine.c:633:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(key, "%sB%i%i", prefix, i, j);
data/astrometry.net-0.80+dfsg/blind/engine.c:638:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(key, "%sSAPO", prefix);
data/astrometry.net-0.80+dfsg/blind/engine.c:649:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(key, "%sAP%i%i", prefix, i, j);
data/astrometry.net-0.80+dfsg/blind/engine.c:651:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(key, "%sBP%i%i", prefix, i, j);
data/astrometry.net-0.80+dfsg/blind/engine.c:917:13: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(key, keys[j], n);
data/astrometry.net-0.80+dfsg/blind/ftverify.c:268:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg,"Clobber is not set. Cannot overwrite the file%s",p);
data/astrometry.net-0.80+dfsg/blind/ftverify.c:313:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(comm,"%s %s (CFITSIO V%.3f)",task,tversion,fversion);
data/astrometry.net-0.80+dfsg/blind/fvrf_data.c:372:17: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(errmes,errtmp);
data/astrometry.net-0.80+dfsg/blind/fvrf_data.c:387:17: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(errmes,errtmp);
data/astrometry.net-0.80+dfsg/blind/fvrf_data.c:394:17: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(errmes,errtmp);
data/astrometry.net-0.80+dfsg/blind/fvrf_data.c:582:22: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(errmes,comm);
data/astrometry.net-0.80+dfsg/blind/fvrf_data.c:676:22: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(errmes, floatvalue);
data/astrometry.net-0.80+dfsg/blind/fvrf_data.c:706:26: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(errmes, floatvalue);
data/astrometry.net-0.80+dfsg/blind/fvrf_file.c:46:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (hduname[i]->extname,extname);
data/astrometry.net-0.80+dfsg/blind/fvrf_file.c:135:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(temp,p->extname);
data/astrometry.net-0.80+dfsg/blind/fvrf_file.c:138:12: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(temp,temp1);
data/astrometry.net-0.80+dfsg/blind/fvrf_file.c:142:16: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(comm," %-5d %-20s Image Array %-4d %-4d ",
data/astrometry.net-0.80+dfsg/blind/fvrf_file.c:147:16: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(comm," %-5d %-20s ASCII Table %-4d %-4d ",
data/astrometry.net-0.80+dfsg/blind/fvrf_file.c:152:16: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(comm," %-5d %-20s Binary Table %-4d %-4d ",
data/astrometry.net-0.80+dfsg/blind/fvrf_file.c:157:16: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(comm," %-5d %-20s Unknown HDU %-4d %-4d ",
data/astrometry.net-0.80+dfsg/blind/fvrf_file.c:166:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(comm," End-of-file %-30s %-4d %-4d ", "", iwrn,ierr);
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:67:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(comm,"File: %s",pfile);
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:238:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:322:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:332:18: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes, "Keyword #%d, %s is duplicated.",
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:380:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:504:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(hduptr->extname,kwds[k]->kvalue);
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:586:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(temp,cfltkeys[i]);
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:603:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:613:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:624:18: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:633:19: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:675:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(temp,cfltnkeys[i]);
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:690:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(temp,cflt_keys[i]);
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:716:18: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:725:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:740:18: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:749:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:784:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(temp,cstrkeys[i]);
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:805:18: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:814:20: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:841:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:849:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(temp,rastrkeys[i]);
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:867:20: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:878:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(temp,specstrkeys[i]);
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:898:20: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:949:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(temp,exlkey[i]);
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:954:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:1000:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:1020:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:1038:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:1065:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,"Keyword #%d, %s ",
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:1074:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,"Keyword #%d, %s: ",
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:1083:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:1102:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,"Keyword #%d, %s ",
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:1113:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:1131:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,"Keyword #%d, %s ",
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:1142:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:1235:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(temp,exlkey[i]);
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:1240:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:1248:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(temp,exlnkey[i]);
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:1259:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:1358:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:1370:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,"Keyword #%d, %s: The scaling factor is 0.",
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:1378:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(temp,exlkeys[i]);
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:1384:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:1393:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(temp,exlnkeys[i]);
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:1404:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:1413:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(temp,fltkeys[i]);
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:1425:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(temp,strkeys[i]);
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:1609:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:1632:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,"Keyword #%d, %s: TFORM=\"%s\" ",
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:1644:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:1654:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:1679:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:1698:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,"Keyword #%d, %s: TDISP=\"%s\" ",
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:1708:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:1721:22: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:1727:22: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:1738:22: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:1744:22: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:1764:22: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:1774:22: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:1792:22: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:1806:22: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:1836:22: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:1850:22: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:1878:22: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:1885:18: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:1897:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(temp,exlkey[i]);
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:1902:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:1935:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(temp,cfltkeys[i]);
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:1951:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:1961:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(temp,cstrkeys[i]);
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:1977:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2036:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2056:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2074:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,"Keyword #%d, %s: Scaling factor is zero.",
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2080:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2087:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2104:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2111:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2127:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2138:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2205:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2215:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2223:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,"Keyword #%d, %s: The value %ld",
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2231:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,"Keyword #%d, %s: The value %ld",
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2247:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,"Keyword #%d, %s:",
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2255:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2264:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2282:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2291:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2346:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,"Keyword #%d, %s: TDIM=\"%s\" ",
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2355:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2362:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,"Keyword #%d, %s: ",
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2376:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2384:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(temp,exlkeys[i]);
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2395:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2461:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2478:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2484:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2497:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2513:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,"Keyword #%d, %s: ", kwds[j]->kindex,kwds[j]->kname);
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2520:16: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2530:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(temp,strkey[i]);
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2538:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(temp,intkey[i]);
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2546:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(temp,fltkey[i]);
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2555:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2656:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ttypecopy[i],ttype[i]);
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2682:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2717:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2751:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(temp,tform[colnum-1]);
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2756:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,"Illegal repeat value for value %s of TFORM%d.",
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2763:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2775:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes, "Bad value of TFORM%d: %s.",colnum,tform[colnum-1]);
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2781:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes, "Bad value of TFORM%d: %s.",colnum,tform[colnum-1]);
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2843:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(htemp,"%4d | %s",i,cards[i-1]);
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2877:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(extnv, "%s",hduptr->extname);
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2880:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(extnv,extver);
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2884:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(comm," %s (%d columns x %lld rows)", extnv, hduptr->ncols,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2887:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(comm," %s (%d columns x %ld rows)", extnv, hduptr->ncols,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2898:16: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(extnv,"%s (%s)",ttype[i],tunit[i]);
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2900:16: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(extnv,"%s",ttype[i]);
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2939:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(comm,temp);
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2942:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(comm,temp);
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2949:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(comm,temp);
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2959:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(comm,temp);
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2970:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(extnv, "%s",hduptr->extname);
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2973:20: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(extnv,extver);
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2976:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(comm,extnv);
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:3007:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(comm,temp);
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:3010:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(comm,temp);
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:3017:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(comm,temp);
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:3027:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(comm,temp);
data/astrometry.net-0.80+dfsg/blind/fvrf_key.c:34:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,"card %s is > 80.",card);
data/astrometry.net-0.80+dfsg/blind/fvrf_key.c:54:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,"Keyword #%d: Name %s is not left justified.",
data/astrometry.net-0.80+dfsg/blind/fvrf_key.c:63:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_key.c:81:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(kcomm, p);
data/astrometry.net-0.80+dfsg/blind/fvrf_key.c:85:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_key.c:120:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(kcomm, p);
data/astrometry.net-0.80+dfsg/blind/fvrf_key.c:124:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_key.c:337:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(card,*pt); /* save the original */
data/astrometry.net-0.80+dfsg/blind/fvrf_key.c:432:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(temp,*pt);
data/astrometry.net-0.80+dfsg/blind/fvrf_key.c:439:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(kvalue, p1);
data/astrometry.net-0.80+dfsg/blind/fvrf_key.c:454:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_key.c:460:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_key.c:466:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,"Keyword #%d, %s: Bad logical value \"%s\".",
data/astrometry.net-0.80+dfsg/blind/fvrf_key.c:471:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,"Keyword #%d, %s: Bad numerical value \"%s\".",
data/astrometry.net-0.80+dfsg/blind/fvrf_key.c:476:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_key.c:482:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_key.c:488:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_key.c:494:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_key.c:500:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_key.c:506:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_key.c:512:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_key.c:518:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_key.c:526:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_key.c:538:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,"Keyword #%d, %s has a null value; expected a string.",
data/astrometry.net-0.80+dfsg/blind/fvrf_key.c:543:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,"Keyword #%d, %s: \"%s\" is not a string.",
data/astrometry.net-0.80+dfsg/blind/fvrf_key.c:554:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,"Keyword #%d, %s has a null value; expected an integer.",
data/astrometry.net-0.80+dfsg/blind/fvrf_key.c:559:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,"Keyword #%d, %s: value = %s is not an integer.",
data/astrometry.net-0.80+dfsg/blind/fvrf_key.c:571:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,"Keyword #%d, %s has a null value; expected a float.",
data/astrometry.net-0.80+dfsg/blind/fvrf_key.c:576:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_key.c:590:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_key.c:604:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_key.c:617:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_misc.c:48:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(temp,mess);
data/astrometry.net-0.80+dfsg/blind/fvrf_misc.c:68:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(temp,mess);
data/astrometry.net-0.80+dfsg/blind/fvrf_misc.c:108:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(temp,mess);
data/astrometry.net-0.80+dfsg/blind/fvrf_misc.c:110:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(temp,ttemp);
data/astrometry.net-0.80+dfsg/blind/fvrf_misc.c:153:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(temp,mess);
data/astrometry.net-0.80+dfsg/blind/fvrf_misc.c:165:37: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
for(i=0; i<=nstack; i++) fprintf(out,errfmt,tmp[i]);
data/astrometry.net-0.80+dfsg/blind/fvrf_misc.c:170:37: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
for(i=0; i<=nstack; i++) fprintf(stdout,errfmt,tmp[i]);
data/astrometry.net-0.80+dfsg/blind/fvrf_misc.c:173:37: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
for(i=0; i<=nstack; i++) fprintf(stderr,errfmt,tmp[i]);
data/astrometry.net-0.80+dfsg/blind/fvrf_misc.c:257:13: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(out,cont_fmt,tmp);
data/astrometry.net-0.80+dfsg/blind/fvrf_misc.c:285:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(line, title);
data/astrometry.net-0.80+dfsg/blind/hpowned.c:96:17: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(format, i);
data/astrometry.net-0.80+dfsg/blind/matchobj.c:65:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, prefix);
data/astrometry.net-0.80+dfsg/blind/modhead.c:73:25: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newcard, argv[2]); /* copy keyword name */
data/astrometry.net-0.80+dfsg/blind/modhead.c:75:25: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(newcard, argv[3]); /* new value */
data/astrometry.net-0.80+dfsg/blind/modhead.c:78:29: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(newcard, argv[4]); /* append the comment */
data/astrometry.net-0.80+dfsg/blind/modhead.c:82:29: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(newcard, comment); /* append the comment */
data/astrometry.net-0.80+dfsg/blind/new-wcs.c:177:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(key, newkey);
data/astrometry.net-0.80+dfsg/blind/new-wcs.c:234:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(key, newkey);
data/astrometry.net-0.80+dfsg/blind/plotgrid.c:41:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buf, fmt, x);
data/astrometry.net-0.80+dfsg/blind/plotstuff.c:1093:15: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
ATTRIB_FORMAT(printf,2,3)
data/astrometry.net-0.80+dfsg/blind/plotstuff_wrap.c:682:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(r,name);
data/astrometry.net-0.80+dfsg/blind/randcat.c:28:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, HelpString);
data/astrometry.net-0.80+dfsg/blind/randcat.c:58:13: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, HelpString);
data/astrometry.net-0.80+dfsg/blind/randcat.c:67:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, HelpString);
data/astrometry.net-0.80+dfsg/blind/solve-field.c:118:11: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
rtn = system(cmd);
data/astrometry.net-0.80+dfsg/blind/test_matchfile.c:84:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(entry1.fieldname, "%s", "Hello Kitty");
data/astrometry.net-0.80+dfsg/blind/tweak2.c:172:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fn, "tweak-%03i-%s.png", plotnum, name);
data/astrometry.net-0.80+dfsg/catalogs/2masstofits.c:119:17: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(fn, outfn, hp);
data/astrometry.net-0.80+dfsg/catalogs/grab-stellarium-constellations.c:144:13: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (fscanf(fconst, "%s %d ", shortname, &nlines) != 2) {
data/astrometry.net-0.80+dfsg/catalogs/nomadtofits.c:166:17: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(fn, outfn, hp);
data/astrometry.net-0.80+dfsg/catalogs/tycho2tofits.c:166:17: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(fn, outfn, hp);
data/astrometry.net-0.80+dfsg/catalogs/ucac3tofits.c:142:17: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(fn, outfn, hp);
data/astrometry.net-0.80+dfsg/catalogs/ucac4tofits.c:142:17: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(fn, outfn, hp);
data/astrometry.net-0.80+dfsg/catalogs/usnobtofits.c:177:17: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(fn, outfn, hp);
data/astrometry.net-0.80+dfsg/include/astrometry/bl-nl.h:53:28: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
InlineDeclare number* NLF(access)(nl* list, size_t n);
data/astrometry.net-0.80+dfsg/include/astrometry/bl.h:207:15: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
ATTRIB_FORMAT(printf,2,3)
data/astrometry.net-0.80+dfsg/include/astrometry/bl.h:263:15: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
ATTRIB_FORMAT(printf,2,3)
data/astrometry.net-0.80+dfsg/include/astrometry/bl.h:271:15: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
ATTRIB_FORMAT(printf,3,4)
data/astrometry.net-0.80+dfsg/include/astrometry/datalog.h:54:15: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
ATTRIB_FORMAT(printf, 3, 4)
data/astrometry.net-0.80+dfsg/include/astrometry/errors.h:53:15: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
ATTRIB_FORMAT(printf,4,5)
data/astrometry.net-0.80+dfsg/include/astrometry/errors.h:119:15: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
ATTRIB_FORMAT(printf,5,6)
data/astrometry.net-0.80+dfsg/include/astrometry/fitsioutils.h:82:15: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
ATTRIB_FORMAT(printf,4,5)
data/astrometry.net-0.80+dfsg/include/astrometry/fitsioutils.h:87:15: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
ATTRIB_FORMAT(printf,4,5)
data/astrometry.net-0.80+dfsg/include/astrometry/fitsioutils.h:94:15: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
ATTRIB_FORMAT(printf,4,5)
data/astrometry.net-0.80+dfsg/include/astrometry/fitsioutils.h:130:15: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
ATTRIB_FORMAT(printf,2,3)
data/astrometry.net-0.80+dfsg/include/astrometry/fitsioutils.h:134:15: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
ATTRIB_FORMAT(printf,2,3)
data/astrometry.net-0.80+dfsg/include/astrometry/fitsioutils.h:138:15: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
ATTRIB_FORMAT(printf,2,3)
data/astrometry.net-0.80+dfsg/include/astrometry/ioutils.h:65:15: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
ATTRIB_FORMAT(printf,2,3)
data/astrometry.net-0.80+dfsg/include/astrometry/log.h:88:34: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__ ((format (printf, 4, 5)));
data/astrometry.net-0.80+dfsg/include/astrometry/log.h:95:29: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__ ((format (printf, 5, 6)));
data/astrometry.net-0.80+dfsg/include/astrometry/plotstuff.h:186:15: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
ATTRIB_FORMAT(printf,2,3)
data/astrometry.net-0.80+dfsg/libkd/kdtree.c:148:9: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(fmt, "lr", n, "leaves", sz, mem, 1e-6*mem);
data/astrometry.net-0.80+dfsg/libkd/kdtree.c:155:9: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(fmt, "perm", n, "points", sz, mem, 1e-6*mem);
data/astrometry.net-0.80+dfsg/libkd/kdtree.c:162:9: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(fmt, "bbox", n, "nodes", sz, mem, 1e-6*mem);
data/astrometry.net-0.80+dfsg/libkd/kdtree.c:169:9: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(fmt, "split", n, "splits", sz, mem, 1e-6*mem);
data/astrometry.net-0.80+dfsg/libkd/kdtree.c:176:9: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(fmt, "splitdim", n, "splits", sz, mem, 1e-6*mem);
data/astrometry.net-0.80+dfsg/libkd/kdtree.c:186:9: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(fmt, "data", n, "points", sz, mem, 1e-6*mem);
data/astrometry.net-0.80+dfsg/libkd/kdtree.c:299:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s%s%s%s%s",
data/astrometry.net-0.80+dfsg/libkd/kdtree_internal.c:21:25: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define WARNING(x, ...) fprintf(stderr, x, ## __VA_ARGS__)
data/astrometry.net-0.80+dfsg/libkd/kdtree_internal.h:38:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, #func ": unimplemented treetype %#x.\n", tt); \
data/astrometry.net-0.80+dfsg/qfits-an/anqfits.c:38:15: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define debug printf
data/astrometry.net-0.80+dfsg/qfits-an/qfits_card.c:121:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(line, "%s ", key);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_card.c:135:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy(cval, val);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_card.c:139:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy(ccom, com);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_card.c:149:23: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (hierarch) sprintf(safe_line, "%-29s= %s / %s", key, cval, ccom);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_card.c:150:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
else sprintf(safe_line, "%-8.8s= %20s / %-48s", key, cval, ccom);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_card.c:159:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(safe_line, "%-29s= / %s", key, ccom);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_card.c:161:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(safe_line, "%-8.8s= / %-48s", key, ccom);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_card.c:186:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(safe_line, "%-29s= '%s' / %s", key, cval_q, ccom);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_card.c:190:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(safe_line, "%-8.8s= '%-8s' / %s", key, cval_q, ccom);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_card.c:484:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(expanded, token);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_error.c:103:5: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(msg, fmt, ap);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_error.c:106:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(all, "*** %s", msg);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_error.c:121:5: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(msg, fmt, ap);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_error.c:124:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(all, "error: %s", msg);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_header.c:634:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pretty, defaultval);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_header.c:715:20: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (key!=NULL) strcpy(key, k->key);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_header.c:717:27: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (k->val!=NULL) strcpy(val, k->val);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_header.c:721:27: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (k->com!=NULL) strcpy(com, k->com);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_header.c:725:27: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (k->lin!=NULL) strcpy(lin, k->lin);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_memory.c:1147:12: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
return strcpy(t, s);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_memory.c:1274:12: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void) strcpy(p, str);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_memory.c:1569:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(qfits_mem_tmpfilename, "%s/vmswap_%05ld_%05x",
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:195:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str_val2, "'%s'", qfits_build_format(curr_col));
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:199:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str_val2, "%s", curr_col->tlabel);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:204:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str_val2, "%s", curr_col->tunit);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:226:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str_val, "'%s'", date);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:249:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str_val, "'%s'", date);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:257:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str_val2, "%s", curr_col->tlabel);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:261:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str_val2, "'%s'", qfits_build_format(curr_col));
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:271:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str_val2, "%s", curr_col->tunit);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:320:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(qt->filename, filename);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:386:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(qc->tlabel, label);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:389:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(qc->tunit, unit);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:392:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(qc->nullval, nullval);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:395:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(qc->tdisp, disp);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:1842:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(stmp, ctmp);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:1955:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(stmp, ctmp);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:1966:17: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(stmp, ctmp);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:1971:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(stmp, ctmp);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:1976:17: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(stmp, ctmp);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:1980:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(stmp, ctmp);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:1993:17: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(stmp, ctmp);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:1998:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(stmp, ctmp);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:2003:17: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(stmp, ctmp);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:2007:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(stmp, ctmp);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:2020:17: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(stmp, ctmp);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:2025:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(stmp, ctmp);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:2030:17: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(stmp, ctmp);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:2034:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(stmp, ctmp);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:2046:17: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(stmp, ctmp);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:2051:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(stmp, ctmp);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:2056:17: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(stmp, ctmp);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:2060:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(stmp, ctmp);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:2072:17: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(stmp, ctmp);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:2077:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(stmp, ctmp);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:2082:17: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(stmp, ctmp);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:2086:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(stmp, ctmp);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:2098:17: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(stmp, ctmp);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:2103:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(stmp, ctmp);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:2108:17: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(stmp, ctmp);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:2112:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(stmp, ctmp);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:2121:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(stmp, ctmp);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:2125:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(stmp, ctmp);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:2133:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(stmp, ctmp);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:2137:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(stmp, ctmp);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:2145:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(stmp, ctmp);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:2149:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(stmp, ctmp);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:2184:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(l, s);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_tools.c:98:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pretty, s);
data/astrometry.net-0.80+dfsg/qfits-an/test/test_pixio.c:86:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stdout, fmt, ap);
data/astrometry.net-0.80+dfsg/qfits-an/test/test_pixio.c:97:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, ap);
data/astrometry.net-0.80+dfsg/qfits-an/test/test_pixio.c:189:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename,
data/astrometry.net-0.80+dfsg/qfits-an/test/test_pixio.c:215:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename,
data/astrometry.net-0.80+dfsg/qfits-an/test/test_pixio.c:241:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename,
data/astrometry.net-0.80+dfsg/qfits-an/test/test_pixio.c:375:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename,
data/astrometry.net-0.80+dfsg/qfits-an/test/test_pixio.c:418:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename,
data/astrometry.net-0.80+dfsg/qfits-an/test/test_pixio.c:461:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename,
data/astrometry.net-0.80+dfsg/qfits-an/test/test_pixio.c:504:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename,
data/astrometry.net-0.80+dfsg/qfits-an/test/test_pixio.c:548:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename,
data/astrometry.net-0.80+dfsg/qfits-an/test/test_pixio.c:556:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename,
data/astrometry.net-0.80+dfsg/qfits-an/test/test_pixio.c:564:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename,
data/astrometry.net-0.80+dfsg/qfits-an/test/test_qfits.c:83:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stdout, fmt, ap);
data/astrometry.net-0.80+dfsg/qfits-an/test/test_qfits.c:94:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, ap);
data/astrometry.net-0.80+dfsg/qfits-an/test/test_tfits.c:67:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stdout, fmt, ap);
data/astrometry.net-0.80+dfsg/qfits-an/test/test_tfits.c:78:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, ap);
data/astrometry.net-0.80+dfsg/qfits-an/test/test_tfits.c:325:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(filename, srcdir) ;
data/astrometry.net-0.80+dfsg/qfits-an/test/test_tfits.c:326:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(filename, BIN_TABLE_NAME) ;
data/astrometry.net-0.80+dfsg/qfits-an/test/test_tfits.c:334:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(filename, srcdir) ;
data/astrometry.net-0.80+dfsg/qfits-an/test/test_tfits.c:335:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(filename, ASCII_TABLE_NAME) ;
data/astrometry.net-0.80+dfsg/sdss/cutils_wrap.c:682:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(r,name);
data/astrometry.net-0.80+dfsg/util/anwcs.c:406:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(line, sizeof(line), hdrformat, "SIMPLE", "T", spaces);
data/astrometry.net-0.80+dfsg/util/anwcs.c:408:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(line, sizeof(line), hdrformat, "BITPIX", "8", spaces);
data/astrometry.net-0.80+dfsg/util/anwcs.c:410:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(line, sizeof(line), hdrformat, "NAXIS", "0", spaces);
data/astrometry.net-0.80+dfsg/util/anwcs.c:412:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(line, sizeof(line), hdrformat, "EXTEND", "T", spaces);
data/astrometry.net-0.80+dfsg/util/anwcs.c:416:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(line, sizeof(line), hdrformat, "IMAGEW", val, spaces);
data/astrometry.net-0.80+dfsg/util/anwcs.c:419:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(line, sizeof(line), hdrformat, "IMAGEH", val, spaces);
data/astrometry.net-0.80+dfsg/util/anwcs.c:1577:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(code, "RA---%s", wcscode);
data/astrometry.net-0.80+dfsg/util/anwcs.c:1579:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(code, "DEC--%s", wcscode);
data/astrometry.net-0.80+dfsg/util/anwcs.c:1633:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(code, "RA---%s", wcscode);
data/astrometry.net-0.80+dfsg/util/anwcs.c:1635:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(code, "DEC--%s", wcscode);
data/astrometry.net-0.80+dfsg/util/bt.c:691:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(subind, "%s%s", indent, addind);
data/astrometry.net-0.80+dfsg/util/bt.c:729:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(subind, "%s%s", indent, addind);
data/astrometry.net-0.80+dfsg/util/cutest.c:61:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newStr, old);
data/astrometry.net-0.80+dfsg/util/cutest.c:105:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(str->buffer, text);
data/astrometry.net-0.80+dfsg/util/cutest.c:121:2: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(buf, format, argp);
data/astrometry.net-0.80+dfsg/util/cutest.c:188:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s:%d: ", file, line);
data/astrometry.net-0.80+dfsg/util/datalog.c:85:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(log->f, format, va);
data/astrometry.net-0.80+dfsg/util/errors.c:182:9: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(e->print, fmt, va);
data/astrometry.net-0.80+dfsg/util/fits-column-merge.c:117:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(btable->col[j].tlabel, "%s%s", atable->col[i].tlabel, suffix);
data/astrometry.net-0.80+dfsg/util/fitsgetext.c:190:13: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(fn, sizeof(fn), outfn, ext);
data/astrometry.net-0.80+dfsg/util/fitsioutils.c:371:5: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buf, sizeof(buf), format, lst);
data/astrometry.net-0.80+dfsg/util/fitsioutils.c:636:5: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buf, sizeof(buf), format, lst);
data/astrometry.net-0.80+dfsg/util/fitsioutils.c:711:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(copy, "%s%.*s", (doindent ? indent : ""), nchars, str);
data/astrometry.net-0.80+dfsg/util/fitsioutils.c:724:15: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
ATTRIB_FORMAT(printf,4,5)
data/astrometry.net-0.80+dfsg/util/fitsioutils.c:1055:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str, fits_endian_string);
data/astrometry.net-0.80+dfsg/util/hpsplit.c:304:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, infn);
data/astrometry.net-0.80+dfsg/util/ioutils.c:434:13: [4] (shell) execlp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (execlp("/bin/sh", "/bin/sh", "-c", cmd, (char*)NULL)) {
data/astrometry.net-0.80+dfsg/util/ioutils.c:674:5: [4] (tmpfile) mktemp:
Temporary file race condition (CWE-377).
mktemp(tempdir);
data/astrometry.net-0.80+dfsg/util/ioutils.c:835:19: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
return fn && (access(fn, F_OK) == 0);
data/astrometry.net-0.80+dfsg/util/ioutils.c:839:19: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
return fn && (access(fn, R_OK) == 0);
data/astrometry.net-0.80+dfsg/util/ioutils.c:843:19: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
return fn && (access(fn, X_OK) == 0);
data/astrometry.net-0.80+dfsg/util/log.c:98:9: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(logger->f, format, va);
data/astrometry.net-0.80+dfsg/util/sip.c:491:13: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(f, (p ? " " : " A = "));
data/astrometry.net-0.80+dfsg/util/sip.c:502:13: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(f, (p ? " " : " B = "));
data/astrometry.net-0.80+dfsg/util/sip.c:515:13: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(f, (p ? " " : " AP = "));
data/astrometry.net-0.80+dfsg/util/sip.c:525:13: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(f, (p ? " " : " BP = "));
data/astrometry.net-0.80+dfsg/util/sip_qfits.c:206:13: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(key, format, i, j);
data/astrometry.net-0.80+dfsg/util/sip_qfits.c:319:13: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(key, format, i, j);
data/astrometry.net-0.80+dfsg/util/test_errors.c:15:5: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf(format, va);
data/astrometry.net-0.80+dfsg/util/test_fitsioutils.c:25:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf,
data/astrometry.net-0.80+dfsg/util/test_log.c:49:5: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf(format, va);
data/astrometry.net-0.80+dfsg/util/util_wrap.c:682:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(r,name);
data/astrometry.net-0.80+dfsg/util/util_wrap.c:3033:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(x, ## __VA_ARGS__)
data/astrometry.net-0.80+dfsg/blind/add-text.c:66:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, args, OPTIONS)) != -1) {
data/astrometry.net-0.80+dfsg/blind/agreeable.c:90:23: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((argchar = getopt (argc, argv, OPTIONS)) != -1) {
data/astrometry.net-0.80+dfsg/blind/allquads-main.c:83:23: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((argchar = getopt (argc, argv, OPTIONS)) != -1)
data/astrometry.net-0.80+dfsg/blind/bgsubtract.c:28:23: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((argchar = getopt (argc, args, OPTIONS)) != -1)
data/astrometry.net-0.80+dfsg/blind/build-index-main.c:100:23: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((argchar = getopt (argc, argv, OPTIONS)) != -1)
data/astrometry.net-0.80+dfsg/blind/catalog_analysis.c:370:19: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ich = getopt(argc, argv, "N:I:")) != EOF)
data/astrometry.net-0.80+dfsg/blind/certifiable.c:74:23: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((argchar = getopt (argc, argv, OPTIONS)) != -1) {
data/astrometry.net-0.80+dfsg/blind/checkquads.c:32:23: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((argchar = getopt (argc, argv, OPTIONS)) != -1)
data/astrometry.net-0.80+dfsg/blind/codeprojections.c:141:23: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((argchar = getopt (argc, argv, OPTIONS)) != -1)
data/astrometry.net-0.80+dfsg/blind/codetree-main.c:48:23: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((argchar = getopt (argc, argv, OPTIONS)) != -1)
data/astrometry.net-0.80+dfsg/blind/control-program.c:182:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, args, OPTIONS)) != -1)
data/astrometry.net-0.80+dfsg/blind/create-scamp-catalog.c:45:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, args, OPTIONS)) != -1) {
data/astrometry.net-0.80+dfsg/blind/diffractionFlag_check.c:35:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, args, OPTIONS)) != -1) {
data/astrometry.net-0.80+dfsg/blind/dstnthing.c:232:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, args, OPTIONS)) != -1) {
data/astrometry.net-0.80+dfsg/blind/fits-guess-scale-main.c:33:23: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((argchar = getopt (argc, argv, OPTIONS)) != -1)
data/astrometry.net-0.80+dfsg/blind/get-wcs.c:47:23: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((argchar = getopt (argc, argv, OPTIONS)) != -1)
data/astrometry.net-0.80+dfsg/blind/hpgrid.c:54:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, args, OPTIONS)) != -1) {
data/astrometry.net-0.80+dfsg/blind/hpowned.c:47:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, args, OPTIONS)) != -1) {
data/astrometry.net-0.80+dfsg/blind/hpquads-main.c:80:23: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((argchar = getopt (argc, argv, OPTIONS)) != -1)
data/astrometry.net-0.80+dfsg/blind/image2xy-main.c:83:23: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((argchar = getopt (argc, argv, OPTIONS)) != -1) {
data/astrometry.net-0.80+dfsg/blind/index-info.c:39:23: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((argchar = getopt (argc, argv, OPTIONS)) != -1)
data/astrometry.net-0.80+dfsg/blind/index-stats.c:42:23: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((argchar = getopt (argc, args, OPTIONS)) != -1)
data/astrometry.net-0.80+dfsg/blind/index-to-table.c:38:23: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((argchar = getopt (argc, argv, OPTIONS)) != -1) {
data/astrometry.net-0.80+dfsg/blind/keirthing.c:35:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, args, OPTIONS)) != -1) {
data/astrometry.net-0.80+dfsg/blind/local-index.c:90:23: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((argchar = getopt (argc, argv, OPTIONS)) != -1)
data/astrometry.net-0.80+dfsg/blind/merge-index-main.c:41:23: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((argchar = getopt (argc, args, OPTIONS)) != -1)
data/astrometry.net-0.80+dfsg/blind/mergesolved.c:36:23: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((argchar = getopt (argc, args, OPTIONS)) != -1) {
data/astrometry.net-0.80+dfsg/blind/new-wcs-main.c:41:23: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((argchar = getopt (argc, argv, OPTIONS)) != -1)
data/astrometry.net-0.80+dfsg/blind/plot-constellations.c:188:5: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(con);
data/astrometry.net-0.80+dfsg/blind/plot-constellations.c:269:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, args, OPTIONS)) != -1) {
data/astrometry.net-0.80+dfsg/blind/plot-xy-and-quad.c:80:23: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((argchar = getopt(argc, args, OPTIONS)) != -1)
data/astrometry.net-0.80+dfsg/blind/plotannotations.c:169:5: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(con);
data/astrometry.net-0.80+dfsg/blind/plotquad.c:79:23: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((argchar = getopt(argc, args, OPTIONS)) != -1)
data/astrometry.net-0.80+dfsg/blind/plotstuff-main.c:147:23: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((argchar = getopt(argc, args, OPTIONS)) != -1)
data/astrometry.net-0.80+dfsg/blind/plotxy-main.c:86:23: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((argchar = getopt(argc, args, OPTIONS)) != -1)
data/astrometry.net-0.80+dfsg/blind/printsolved.c:51:23: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((argchar = getopt (argc, args, OPTIONS)) != -1) {
data/astrometry.net-0.80+dfsg/blind/quadcenters.c:51:23: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((argchar = getopt (argc, args, OPTIONS)) != -1)
data/astrometry.net-0.80+dfsg/blind/quadidx.c:61:23: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((argchar = getopt (argc, argv, OPTIONS)) != -1)
data/astrometry.net-0.80+dfsg/blind/quadscales.c:45:23: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((argchar = getopt (argc, args, OPTIONS)) != -1)
data/astrometry.net-0.80+dfsg/blind/quadsperstar.c:40:23: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((argchar = getopt (argc, args, OPTIONS)) != -1)
data/astrometry.net-0.80+dfsg/blind/query-starkd.c:54:23: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((argchar = getopt (argc, argv, OPTIONS)) != -1)
data/astrometry.net-0.80+dfsg/blind/randcat.c:32:23: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((argchar = getopt (argc, argv, OPTIONS)) != -1)
data/astrometry.net-0.80+dfsg/blind/randcat.c:71:5: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(RANDSEED);
data/astrometry.net-0.80+dfsg/blind/rdlstohealpix.c:42:23: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((argchar = getopt (argc, args, OPTIONS)) != -1)
data/astrometry.net-0.80+dfsg/blind/resort-xylist-main.c:40:23: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((argchar = getopt (argc, args, OPTIONS)) != -1)
data/astrometry.net-0.80+dfsg/blind/startree-main.c:71:23: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((argchar = getopt (argc, argv, OPTIONS)) != -1)
data/astrometry.net-0.80+dfsg/blind/startree2rdls.c:45:23: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((argchar = getopt (argc, args, OPTIONS)) != -1)
data/astrometry.net-0.80+dfsg/blind/subwcs.c:53:23: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((argchar = getopt (argc, args, OPTIONS)) != -1) {
data/astrometry.net-0.80+dfsg/blind/test-solver-2.c:169:23: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((argchar = getopt(argc, args, OPTIONS)) != -1)
data/astrometry.net-0.80+dfsg/blind/test-solver.c:245:23: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((argchar = getopt(argc, args, OPTIONS)) != -1)
data/astrometry.net-0.80+dfsg/blind/test_resort-xylist.c:43:27: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
starxy_setx(s, i, random()%1000);
data/astrometry.net-0.80+dfsg/blind/test_resort-xylist.c:44:27: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
starxy_sety(s, i, random()%1000);
data/astrometry.net-0.80+dfsg/blind/test_tweak.c:278:5: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(42);
data/astrometry.net-0.80+dfsg/blind/tweak-main.c:83:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, args, OPTIONS)) != -1) {
data/astrometry.net-0.80+dfsg/blind/uniformize-catalog-main.c:64:23: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((argchar = getopt (argc, argv, OPTIONS)) != -1)
data/astrometry.net-0.80+dfsg/blind/unpermute-quads-main.c:35:23: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((argchar = getopt (argc, args, OPTIONS)) != -1)
data/astrometry.net-0.80+dfsg/blind/unpermute-stars-main.c:49:23: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((argchar = getopt (argc, args, OPTIONS)) != -1)
data/astrometry.net-0.80+dfsg/blind/verify-main.c:81:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, args, OPTIONS)) != -1) {
data/astrometry.net-0.80+dfsg/blind/verify-paths.c:205:23: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((argchar = getopt(argc, args, OPTIONS)) != -1)
data/astrometry.net-0.80+dfsg/blind/wcs-grab.c:33:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, args, OPTIONS)) != -1) {
data/astrometry.net-0.80+dfsg/blind/whynot.c:142:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, args, OPTIONS)) != -1) {
data/astrometry.net-0.80+dfsg/catalogs/2masstofits.c:44:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, args, OPTIONS)) != -1) {
data/astrometry.net-0.80+dfsg/catalogs/build-hd-tree.c:182:23: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((argchar = getopt (argc, args, OPTIONS)) != -1)
data/astrometry.net-0.80+dfsg/catalogs/grab-stellarium-constellations.c:79:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, args, OPTIONS)) != -1) {
data/astrometry.net-0.80+dfsg/catalogs/nomadtofits.c:53:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, args, OPTIONS)) != -1) {
data/astrometry.net-0.80+dfsg/catalogs/tycho2tofits.c:45:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, args, OPTIONS)) != -1) {
data/astrometry.net-0.80+dfsg/catalogs/tycho2tostellarium.c:59:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, args, OPTIONS)) != -1) {
data/astrometry.net-0.80+dfsg/catalogs/ucac3tofits.c:60:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, args, OPTIONS)) != -1) {
data/astrometry.net-0.80+dfsg/catalogs/ucac4tofits.c:60:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, args, OPTIONS)) != -1) {
data/astrometry.net-0.80+dfsg/catalogs/usnob-scamp-catalog.c:56:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, args, OPTIONS)) != -1) {
data/astrometry.net-0.80+dfsg/catalogs/usnobtofits.c:55:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, args, OPTIONS)) != -1) {
data/astrometry.net-0.80+dfsg/libkd/checktree.c:34:23: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((argchar = getopt(argc, args, OPTIONS)) != -1)
data/astrometry.net-0.80+dfsg/libkd/fix-bb.c:43:23: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((argchar = getopt(argc, args, OPTIONS)) != -1)
data/astrometry.net-0.80+dfsg/libkd/qptst.c:33:5: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(t);
data/astrometry.net-0.80+dfsg/libkd/test-quickselect.c:24:5: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(time(NULL));
data/astrometry.net-0.80+dfsg/libkd/test_dualtree_nn.c:47:5: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(0);
data/astrometry.net-0.80+dfsg/libkd/test_libkd.c:276:5: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(0);
data/astrometry.net-0.80+dfsg/libkd/test_libkd.c:339:5: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(0);
data/astrometry.net-0.80+dfsg/qfits-an/test/test_tfits.c:319:21: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
srcdir = strdup(getenv("srcdir")) ;
data/astrometry.net-0.80+dfsg/util/an-fitstopnm.c:70:54: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
x = margin + (nx - 2*margin) * ( (double)random() / (((double)RAND_MAX)+1.0) );
data/astrometry.net-0.80+dfsg/util/an-fitstopnm.c:71:54: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
y = margin + (ny - 2*margin) * ( (double)random() / (((double)RAND_MAX)+1.0) );
data/astrometry.net-0.80+dfsg/util/an-fitstopnm.c:129:23: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((argchar = getopt (argc, argv, OPTIONS)) != -1)
data/astrometry.net-0.80+dfsg/util/an-opts.c:93:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long(argc, argv, optstring, longoptions, NULL);
data/astrometry.net-0.80+dfsg/util/an-pnmtofits.c:160:23: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((argchar = getopt (argc, args, OPTIONS)) != -1) {
data/astrometry.net-0.80+dfsg/util/coadd-main.c:72:23: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((argchar = getopt(argc, args, OPTIONS)) != -1)
data/astrometry.net-0.80+dfsg/util/downsample-fits.c:59:23: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((argchar = getopt (argc, argv, OPTIONS)) != -1)
data/astrometry.net-0.80+dfsg/util/fileutils.c:64:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
pathenv = getenv("PATH");
data/astrometry.net-0.80+dfsg/util/fit-wcs-main.c:77:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, args, OPTIONS)) != -1) {
data/astrometry.net-0.80+dfsg/util/fits-column-merge.c:49:23: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((argchar = getopt(argc, args, OPTIONS)) != -1)
data/astrometry.net-0.80+dfsg/util/fits-flip-endian.c:46:23: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((argchar = getopt (argc, argv, OPTIONS)) != -1)
data/astrometry.net-0.80+dfsg/util/fitsgetext.c:59:23: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((argchar = getopt (argc, argv, OPTIONS)) != -1)
data/astrometry.net-0.80+dfsg/util/get-healpix.c:53:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, args, OPTIONS)) != -1) {
data/astrometry.net-0.80+dfsg/util/hpsplit.c:106:23: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((argchar = getopt (argc, argv, OPTIONS)) != -1)
data/astrometry.net-0.80+dfsg/util/ioutils.c:640:17: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char* dir = getenv("TMP");
data/astrometry.net-0.80+dfsg/util/os-features.c:22:13: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
canon = realpath(fn, path);
data/astrometry.net-0.80+dfsg/util/pad-file.c:36:23: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((argchar = getopt (argc, args, OPTIONS)) != -1) {
data/astrometry.net-0.80+dfsg/util/resample-main.c:154:23: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((argchar = getopt(argc, args, OPTIONS)) != -1)
data/astrometry.net-0.80+dfsg/util/search-index.c:44:23: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((argchar = getopt (argc, argv, OPTIONS)) != -1)
data/astrometry.net-0.80+dfsg/util/subtable.c:48:23: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((argchar = getopt (argc, argv, OPTIONS)) != -1)
data/astrometry.net-0.80+dfsg/util/tabsort-main.c:31:23: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((argchar = getopt(argc, argv, OPTIONS)) != -1)
data/astrometry.net-0.80+dfsg/util/test_ioutils.c:196:21: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
c = random() % 256;
data/astrometry.net-0.80+dfsg/util/test_xylist.c:41:5: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(0);
data/astrometry.net-0.80+dfsg/util/util_wrap.c:3220:22: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
ipivot = random() % (1+R-L) + L;
data/astrometry.net-0.80+dfsg/util/wcs-match.c:75:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, args, OPTIONS)) != -1) {
data/astrometry.net-0.80+dfsg/util/wcs-pv2sip-main.c:61:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, args, OPTIONS)) != -1) {
data/astrometry.net-0.80+dfsg/util/wcs-rd2xy-main.c:57:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, args, OPTIONS)) != -1) {
data/astrometry.net-0.80+dfsg/util/wcs-resample-main.c:48:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, args, OPTIONS)) != -1) {
data/astrometry.net-0.80+dfsg/util/wcs-to-tan.c:63:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, args, OPTIONS)) != -1) {
data/astrometry.net-0.80+dfsg/util/wcs-xy2rd-main.c:65:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, args, OPTIONS)) != -1) {
data/astrometry.net-0.80+dfsg/util/wcsinfo.c:55:23: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((argchar = getopt (argc, args, OPTIONS)) != -1) {
data/astrometry.net-0.80+dfsg/blind/agreeable.c:106:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ninfield_tosolve = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/agreeable.c:115:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
firstfieldfile = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/agreeable.c:118:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
lastfieldfile = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/agreeable.c:121:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
firstfield = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/agreeable.c:124:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
lastfield = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/agreeable.c:380:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[256];
data/astrometry.net-0.80+dfsg/blind/allquads-main.c:89:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
aq->dimquads = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/allquads-main.c:92:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
aq->id = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/augment-xylist.c:342:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
axy->uniformize = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/augment-xylist.c:362:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
axy->extension = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/augment-xylist.c:415:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
axy->downsample = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/augment-xylist.c:433:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
verify_extension = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/augment-xylist.c:475:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
axy->cutobjs = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/augment-xylist.c:500:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
axy->W = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/augment-xylist.c:503:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
axy->H = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/augment-xylist.c:509:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
axy->tweakorder = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/augment-xylist.c:622:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[64];
data/astrometry.net-0.80+dfsg/blind/augment-xylist.c:696:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char typestr[256];
data/astrometry.net-0.80+dfsg/blind/augment-xylist.c:971:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fin = fopen(xylsfn, "rb");
data/astrometry.net-0.80+dfsg/blind/augment-xylist.c:984:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fout = fopen(extfn, "wb");
data/astrometry.net-0.80+dfsg/blind/augment-xylist.c:1202:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[64];
data/astrometry.net-0.80+dfsg/blind/augment-xylist.c:1203:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key, "ANTAG%i", i+1);
data/astrometry.net-0.80+dfsg/blind/augment-xylist.c:1263:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[64];
data/astrometry.net-0.80+dfsg/blind/augment-xylist.c:1267:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key, "ANAPPL%i", i+1);
data/astrometry.net-0.80+dfsg/blind/augment-xylist.c:1271:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key, "ANAPPU%i", i+1);
data/astrometry.net-0.80+dfsg/blind/augment-xylist.c:1332:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[64];
data/astrometry.net-0.80+dfsg/blind/augment-xylist.c:1335:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key, "ANDPL%i", (i+1));
data/astrometry.net-0.80+dfsg/blind/augment-xylist.c:1337:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key, "ANDPU%i", (i+1));
data/astrometry.net-0.80+dfsg/blind/augment-xylist.c:1344:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[64];
data/astrometry.net-0.80+dfsg/blind/augment-xylist.c:1346:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key, "ANFD%i", (i+1));
data/astrometry.net-0.80+dfsg/blind/augment-xylist.c:1349:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key, "ANFDL%i", (i+1));
data/astrometry.net-0.80+dfsg/blind/augment-xylist.c:1351:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key, "ANFDU%i", (i+1));
data/astrometry.net-0.80+dfsg/blind/augment-xylist.c:1377:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[64];
data/astrometry.net-0.80+dfsg/blind/augment-xylist.c:1386:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key, "ANW%i", I);
data/astrometry.net-0.80+dfsg/blind/augment-xylist.c:1401:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fout = fopen(axy->axyfn, "wb");
data/astrometry.net-0.80+dfsg/blind/augment-xylist.c:1435:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fin = fopen(xylsfn, "rb");
data/astrometry.net-0.80+dfsg/blind/augment-xylist.c:1469:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[64];
data/astrometry.net-0.80+dfsg/blind/augment-xylist.c:1476:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key, "ANTAG%i", i+1);
data/astrometry.net-0.80+dfsg/blind/augment-xylist.c:1478:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key, "ANAPPL%i", i+1);
data/astrometry.net-0.80+dfsg/blind/augment-xylist.c:1480:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key, "ANAPPU%i", i+1);
data/astrometry.net-0.80+dfsg/blind/augment-xylist.c:1482:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key, "ANDPL%i", i+1);
data/astrometry.net-0.80+dfsg/blind/augment-xylist.c:1484:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key, "ANDPU%i", i+1);
data/astrometry.net-0.80+dfsg/blind/augment-xylist.c:1486:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key, "ANFD%i", i+1);
data/astrometry.net-0.80+dfsg/blind/augment-xylist.c:1488:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key, "ANFDL%i", i+1);
data/astrometry.net-0.80+dfsg/blind/augment-xylist.c:1490:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key, "ANFDU%i", i+1);
data/astrometry.net-0.80+dfsg/blind/augment-xylist.c:1494:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key, "ANW%iPIX1", i+1);
data/astrometry.net-0.80+dfsg/blind/augment-xylist.c:1496:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key, "ANW%iPIX2", i+1);
data/astrometry.net-0.80+dfsg/blind/augment-xylist.c:1498:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key, "ANW%iVAL1", i+1);
data/astrometry.net-0.80+dfsg/blind/augment-xylist.c:1500:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key, "ANW%iVAL2", i+1);
data/astrometry.net-0.80+dfsg/blind/augment-xylist.c:1502:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key, "ANW%iCD11", i+1);
data/astrometry.net-0.80+dfsg/blind/augment-xylist.c:1504:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key, "ANW%iCD12", i+1);
data/astrometry.net-0.80+dfsg/blind/augment-xylist.c:1506:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key, "ANW%iCD21", i+1);
data/astrometry.net-0.80+dfsg/blind/augment-xylist.c:1508:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key, "ANW%iCD22", i+1);
data/astrometry.net-0.80+dfsg/blind/augment-xylist.c:1510:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key, "ANW%iSAO", i+1);
data/astrometry.net-0.80+dfsg/blind/augment-xylist.c:1512:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key, "ANW%iSAPO", i+1);
data/astrometry.net-0.80+dfsg/blind/augment-xylist.c:1514:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key, "ANW%iSBO", i+1);
data/astrometry.net-0.80+dfsg/blind/augment-xylist.c:1516:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key, "ANW%iSBPO", i+1);
data/astrometry.net-0.80+dfsg/blind/augment-xylist.c:1520:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key, "ANW%iA%i%i", i+1, j, k);
data/astrometry.net-0.80+dfsg/blind/augment-xylist.c:1522:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key, "ANW%iB%i%i", i+1, j, k);
data/astrometry.net-0.80+dfsg/blind/augment-xylist.c:1524:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key, "ANW%iAP%i%i", i+1, j, k);
data/astrometry.net-0.80+dfsg/blind/augment-xylist.c:1526:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key, "ANW%iBP%i%i", i+1, j, k);
data/astrometry.net-0.80+dfsg/blind/augment-xylist.c:1567:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key, "ANDA%i%i", j, k);
data/astrometry.net-0.80+dfsg/blind/augment-xylist.c:1569:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key, "ANDB%i%i", j, k);
data/astrometry.net-0.80+dfsg/blind/augment-xylist.c:1571:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key, "ANDAP%i%i", j, k);
data/astrometry.net-0.80+dfsg/blind/augment-xylist.c:1573:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key, "ANDBP%i%i", j, k);
data/astrometry.net-0.80+dfsg/blind/blind.c:756:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mymo->fieldxy, bp->solver.vf->xy, mymo->nfield * 2 * sizeof(double));
data/astrometry.net-0.80+dfsg/blind/blind.c:1048:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->sip, mo->sip, sizeof(sip_t));
data/astrometry.net-0.80+dfsg/blind/blind.c:1052:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->refradec, mo->refradec, mo->nindex * 2 * sizeof(double));
data/astrometry.net-0.80+dfsg/blind/blind.c:1056:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->fieldxy, mo->fieldxy, mo->nfield * 2 * sizeof(double));
data/astrometry.net-0.80+dfsg/blind/blind.c:1064:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tagcopy, tag, sizeof(tagalong_t));
data/astrometry.net-0.80+dfsg/blind/blind.c:1069:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tagcopy.data, tag->data, tag->Ndata * tag->itemsize);
data/astrometry.net-0.80+dfsg/blind/blind.c:1259:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wcs_fn[1024];
data/astrometry.net-0.80+dfsg/blind/blind.c:1266:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fout = fopen(wcs_fn, "wb");
data/astrometry.net-0.80+dfsg/blind/blindutils.c:26:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char div[2];
data/astrometry.net-0.80+dfsg/blind/build-index-main.c:112:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
preset = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/build-index-main.c:130:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p->Nloosen = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/build-index-main.c:133:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p->Nreuse = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/build-index-main.c:136:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p->passes = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/build-index-main.c:142:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p->UNside = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/build-index-main.c:148:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
inext = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/build-index-main.c:166:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p->bighp = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/build-index-main.c:169:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p->bignside = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/build-index-main.c:172:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p->sweeps = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/build-index-main.c:175:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p->Nside = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/build-index-main.c:181:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p->margin = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/build-index-main.c:184:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p->dimquads = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/build-index-main.c:187:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p->indexid = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/catalog_analysis.c:375:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Nside = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/catalog_analysis.c:403:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
input = fopen(infilename, "r");
data/astrometry.net-0.80+dfsg/blind/certifiable.c:86:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
firstfield = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/certifiable.c:89:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
lastfield = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/certifiable.c:92:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Ncenter = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/certifiable.c:104:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
firstfileid = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/certifiable.c:107:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
lastfileid = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/certifiable.c:171:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[1024];
data/astrometry.net-0.80+dfsg/blind/control-program.c:112:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mymatch, mo, sizeof(MatchObj));
data/astrometry.net-0.80+dfsg/blind/control-program.c:129:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mymatch->fieldxy, solver->vf->xy,
data/astrometry.net-0.80+dfsg/blind/control-program.c:197:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
imagew = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/control-program.c:200:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
imageh = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/cut-table.c:39:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fid = fopen(outfn, "wb");
data/astrometry.net-0.80+dfsg/blind/cut-table.c:45:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fin = fopen(infn, "rb");
data/astrometry.net-0.80+dfsg/blind/demo_dsmooth.c:101:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fullpath[255];
data/astrometry.net-0.80+dfsg/blind/demo_dsmooth.c:102:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outpath_old[255];
data/astrometry.net-0.80+dfsg/blind/demo_dsmooth.c:103:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outpath_new[255];
data/astrometry.net-0.80+dfsg/blind/demo_dsmooth.c:119:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(fullpath, "demo_simplexy_images/");
data/astrometry.net-0.80+dfsg/blind/demo_dsmooth.c:122:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(outpath_old, "demo_simplexy_images/out_");
data/astrometry.net-0.80+dfsg/blind/demo_dsmooth.c:125:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(outpath_old, "_old");
data/astrometry.net-0.80+dfsg/blind/demo_dsmooth.c:126:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(outpath_old, ".png");
data/astrometry.net-0.80+dfsg/blind/demo_dsmooth.c:128:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(outpath_new, "demo_simplexy_images/out_");
data/astrometry.net-0.80+dfsg/blind/demo_dsmooth.c:131:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(outpath_new, "_new");
data/astrometry.net-0.80+dfsg/blind/demo_dsmooth.c:132:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(outpath_new, ".png");
data/astrometry.net-0.80+dfsg/blind/diffractionFlag_check.c:51:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[40];
data/astrometry.net-0.80+dfsg/blind/diffractionFlag_check.c:57:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fid = fopen(fname, "r");
data/astrometry.net-0.80+dfsg/blind/dstnthing.c:236:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
order = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/engine-main.c:188:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
datalogfid = fopen(datalog, "wb");
data/astrometry.net-0.80+dfsg/blind/engine-main.c:203:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fin = fopen(infn, "rb");
data/astrometry.net-0.80+dfsg/blind/engine.c:235:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fconf = fopen(fn, "r");
data/astrometry.net-0.80+dfsg/blind/engine.c:254:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[10240];
data/astrometry.net-0.80+dfsg/blind/engine.c:618:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[64];
data/astrometry.net-0.80+dfsg/blind/engine.c:676:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pretty[FITS_LINESZ+1];
data/astrometry.net-0.80+dfsg/blind/engine.c:797:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[64];
data/astrometry.net-0.80+dfsg/blind/engine.c:799:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key, "ANTAG%i", n);
data/astrometry.net-0.80+dfsg/blind/engine.c:815:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[64];
data/astrometry.net-0.80+dfsg/blind/engine.c:817:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key, "ANAPPL%i", n);
data/astrometry.net-0.80+dfsg/blind/engine.c:819:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key, "ANAPPU%i", n);
data/astrometry.net-0.80+dfsg/blind/engine.c:840:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[64];
data/astrometry.net-0.80+dfsg/blind/engine.c:842:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key, "ANDPL%i", n);
data/astrometry.net-0.80+dfsg/blind/engine.c:844:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key, "ANDPU%i", n);
data/astrometry.net-0.80+dfsg/blind/engine.c:859:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lokey[64];
data/astrometry.net-0.80+dfsg/blind/engine.c:860:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hikey[64];
data/astrometry.net-0.80+dfsg/blind/engine.c:862:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(lokey, "ANFDL%i", n);
data/astrometry.net-0.80+dfsg/blind/engine.c:866:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(hikey, "ANFDU%i", n);
data/astrometry.net-0.80+dfsg/blind/engine.c:871:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pretty1[FITS_LINESZ+1];
data/astrometry.net-0.80+dfsg/blind/engine.c:872:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pretty2[FITS_LINESZ+1];
data/astrometry.net-0.80+dfsg/blind/engine.c:887:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[64];
data/astrometry.net-0.80+dfsg/blind/engine.c:889:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key, "ANFD%i", n);
data/astrometry.net-0.80+dfsg/blind/engine.c:905:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[64];
data/astrometry.net-0.80+dfsg/blind/engine.c:928:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key, "ANW%i", n);
data/astrometry.net-0.80+dfsg/blind/engine.c:954:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sp->predistort, &dsip, sizeof(sip_t));
data/astrometry.net-0.80+dfsg/blind/fitsverify.c:33:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *filename, errormode[2] = {"w"};
data/astrometry.net-0.80+dfsg/blind/fitsverify.c:250:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(taskname, "fitsverify");
data/astrometry.net-0.80+dfsg/blind/fitsverify.c:257:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(taskvers, "4.16");
data/astrometry.net-0.80+dfsg/blind/fitsverify.c:266:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void HD_ERROR_THROW(char msg[256], int status);
data/astrometry.net-0.80+dfsg/blind/fitsverify.c:267:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void HD_ERROR_THROW(char msg[256], int status)
data/astrometry.net-0.80+dfsg/blind/ftverify.c:133:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char infile[PIL_LINESIZE],outfile[PIL_LINESIZE];
data/astrometry.net-0.80+dfsg/blind/ftverify.c:135:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errreport[PIL_LINESIZE];
data/astrometry.net-0.80+dfsg/blind/ftverify.c:137:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char taskname[80] = "ftverify";
data/astrometry.net-0.80+dfsg/blind/ftverify.c:138:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char version[8] = "4.16";
data/astrometry.net-0.80+dfsg/blind/ftverify.c:172:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[MAXMSG];
data/astrometry.net-0.80+dfsg/blind/ftverify.c:175:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msg, "Error reading the 'infile' parameter.");
data/astrometry.net-0.80+dfsg/blind/ftverify.c:181:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msg, "Error reading the 'outfile' parameter.");
data/astrometry.net-0.80+dfsg/blind/ftverify.c:186:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msg, "Error reading the 'prhead' parameter.");
data/astrometry.net-0.80+dfsg/blind/ftverify.c:191:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msg, "Error reading the 'prstat' parameter.");
data/astrometry.net-0.80+dfsg/blind/ftverify.c:196:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msg, "Error reading the 'errreport' parameter.");
data/astrometry.net-0.80+dfsg/blind/ftverify.c:201:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msg, "Error reading the 'testdata' parameter.");
data/astrometry.net-0.80+dfsg/blind/ftverify.c:206:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msg, "Error reading the 'tchksum' parameter.");
data/astrometry.net-0.80+dfsg/blind/ftverify.c:211:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msg, "Error reading the 'testfill' parameter.");
data/astrometry.net-0.80+dfsg/blind/ftverify.c:216:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msg, "Error reading the 'heasarc' parameter.");
data/astrometry.net-0.80+dfsg/blind/ftverify.c:242:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char task[80],runchars[30];
data/astrometry.net-0.80+dfsg/blind/ftverify.c:243:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tversion[80];
data/astrometry.net-0.80+dfsg/blind/ftverify.c:246:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[MAXMSG];
data/astrometry.net-0.80+dfsg/blind/ftverify.c:255:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( (list = fopen(p,"r")) == NULL ) {
data/astrometry.net-0.80+dfsg/blind/ftverify.c:267:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
&& (outfptr = fopen(p,"r") ) != NULL ) {
data/astrometry.net-0.80+dfsg/blind/ftverify.c:285:25: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if( (outfptr = fopen(p,"w") ) == NULL) {
data/astrometry.net-0.80+dfsg/blind/ftverify.c:293:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
runfile=fopen("/tmp.shared/fits/tmpverify/counter.fitsverify","r+");
data/astrometry.net-0.80+dfsg/blind/ftverify.c:297:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
runnum=atoi(runchars);
data/astrometry.net-0.80+dfsg/blind/ftverify.c:299:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(comm," Run Number %d",runnum);
data/astrometry.net-0.80+dfsg/blind/ftverify.c:301:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(runchars, "%d", runnum);
data/astrometry.net-0.80+dfsg/blind/ftverify.c:320:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(comm, "Caution: Only checking for the most severe FITS format errors.");
data/astrometry.net-0.80+dfsg/blind/ftverify.c:330:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(comm, "HEASARC conventions are being checked.");
data/astrometry.net-0.80+dfsg/blind/ftverify.c:398:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char parname[32];
data/astrometry.net-0.80+dfsg/blind/ftverify.c:404:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(parname, "numwrns");
data/astrometry.net-0.80+dfsg/blind/ftverify.c:410:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(parname, "numerrs");
data/astrometry.net-0.80+dfsg/blind/fverify.h:18:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char errmes[256];
data/astrometry.net-0.80+dfsg/blind/fverify.h:19:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char comm[256];
data/astrometry.net-0.80+dfsg/blind/fverify.h:60:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kname[FLEN_KEYWORD]; /* fits keyword name */
data/astrometry.net-0.80+dfsg/blind/fverify.h:62:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kvalue[FLEN_VALUE]; /* fits keyword name */
data/astrometry.net-0.80+dfsg/blind/fverify.h:103:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char extname[FLEN_VALUE]; /* EXTENSION NAME */
data/astrometry.net-0.80+dfsg/blind/fverify.h:171:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char extname[FLEN_VALUE]; /* extension name, used for extension*/
data/astrometry.net-0.80+dfsg/blind/fvrf_data.c:101:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errtmp[80];
data/astrometry.net-0.80+dfsg/blind/fvrf_data.c:147:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errmes,"Column #%d: ",i);
data/astrometry.net-0.80+dfsg/blind/fvrf_data.c:172:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errmes,"Column #%d: ",i);
data/astrometry.net-0.80+dfsg/blind/fvrf_data.c:250:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errmes,"Column #%d: ",i);
data/astrometry.net-0.80+dfsg/blind/fvrf_data.c:364:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errtmp,"Row #%ld Col.#%d: ",jl,icol);
data/astrometry.net-0.80+dfsg/blind/fvrf_data.c:368:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errmes, "Descriptor of Column #%d at Row %ld: ",
data/astrometry.net-0.80+dfsg/blind/fvrf_data.c:370:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errtmp,"nelem(%ld) > maxlen(%ld) given by TFORM%d.",
data/astrometry.net-0.80+dfsg/blind/fvrf_data.c:382:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errmes, "Descriptor of Column #%d at Row %ld: ",
data/astrometry.net-0.80+dfsg/blind/fvrf_data.c:384:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errtmp,
data/astrometry.net-0.80+dfsg/blind/fvrf_data.c:389:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errtmp, "/8 > total heap area = %ld.",
data/astrometry.net-0.80+dfsg/blind/fvrf_data.c:392:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errtmp, "*%d > total heap area = %ld.",
data/astrometry.net-0.80+dfsg/blind/fvrf_data.c:426:21: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errtmp,"Row #%ld Col.#%d: ",jl,icol);
data/astrometry.net-0.80+dfsg/blind/fvrf_data.c:434:23: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_data.c:437:25: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_data.c:450:21: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errtmp,"Row #%ld Col.#%d: ",jl,icol);
data/astrometry.net-0.80+dfsg/blind/fvrf_data.c:456:23: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_data.c:460:24: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_data.c:577:19: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_data.c:581:22: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(comm, "0x%02x ", (unsigned char) data[k*repeat[i]+l]);
data/astrometry.net-0.80+dfsg/blind/fvrf_data.c:584:19: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(errmes,"is not left justified.");
data/astrometry.net-0.80+dfsg/blind/fvrf_data.c:586:19: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_data.c:607:36: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
ucdata = (unsigned char *)cdata[k+1];
data/astrometry.net-0.80+dfsg/blind/fvrf_data.c:612:21: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_data.c:616:23: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_data.c:638:21: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_data.c:643:24: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_data.c:664:31: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
floatvalue = (char *)cdata[k+1];
data/astrometry.net-0.80+dfsg/blind/fvrf_data.c:672:21: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_data.c:677:22: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_data.c:689:31: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
floatvalue = (char *)cdata[k+1];
data/astrometry.net-0.80+dfsg/blind/fvrf_data.c:702:23: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_data.c:707:26: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_data.c:752:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char keyname[9];
data/astrometry.net-0.80+dfsg/blind/fvrf_data.c:753:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tform[FLEN_VALUE], comment[256];
data/astrometry.net-0.80+dfsg/blind/fvrf_data.c:775:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(keyname, "TFORM%d",k);
data/astrometry.net-0.80+dfsg/blind/fvrf_data.c:779:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(keyname, "TBCOL%d",k);
data/astrometry.net-0.80+dfsg/blind/fvrf_data.c:800:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_data.c:803:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_data.c:813:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_data.c:816:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_data.c:830:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_file.c:122:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[FLEN_VALUE];
data/astrometry.net-0.80+dfsg/blind/fvrf_file.c:123:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp1[FLEN_VALUE];
data/astrometry.net-0.80+dfsg/blind/fvrf_file.c:127:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(comm," HDU# Name (version) Type Warnings Errors");
data/astrometry.net-0.80+dfsg/blind/fvrf_file.c:130:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(comm," 1 Primary Array %-4d %-4d ",
data/astrometry.net-0.80+dfsg/blind/fvrf_file.c:137:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(temp1," (%-d)",p->extver);
data/astrometry.net-0.80+dfsg/blind/fvrf_file.c:196:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_file.c:216:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_file.c:230:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_file.c:254:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(comm,"\n%d Header-Data Units in this file.",totalhdu);
data/astrometry.net-0.80+dfsg/blind/fvrf_file.c:284:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(comm,"**** Verification found %d warning(s) and %d error(s). ****",
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:27:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char temp[80];
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:45:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rootnam[FLEN_FILENAME] = ""; /* Input Fits file root name */
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:54:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char xtension[80];
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:146:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(comm,"**** Abort Verification: Fatal Error. ****");
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:204:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:271:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errmes, "Unregistered XTENSION value \"%8.8s\".",p);
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:276:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:344:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:499:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(temp,"EXTNAME");
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:507:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(temp,"EXTVER");
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:542:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(temp,"CROTA2");
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:550:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(temp,"WCSAXES");
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:663:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:668:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:769:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:776:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:835:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:962:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(temp,"GROUPS");
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:979:8: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(temp,"EXTEND");
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:986:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errmes,"There are extensions but EXTEND = F.");
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:993:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(temp,"PCOUNT");
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:1013:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(temp,"GCOUNT");
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:1033:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(temp,"BLOCKED");
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:1056:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(temp,"PSCAL");
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:1067:13: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:1076:13: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:1093:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(temp,"PZERO");
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:1104:13: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:1122:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(temp,"PTYPE");
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:1133:13: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:1185:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(comm,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:1193:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(temp,"PCOUNT");
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:1197:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errmes,"cannot find the PCOUNT keyword.");
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:1205:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errmes,"PCOUNT is not in record %d of the header.",
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:1214:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(temp,"GCOUNT");
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:1218:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errmes,"cannot find the GCOUNT keyword.");
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:1226:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errmes,"GCOUNT is not in record %d of the header.",
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:1293:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:1299:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:1352:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(temp,"BLANK");
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:1365:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(temp,"BSCALE");
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:1586:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(temp,"TFIELDS");
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:1594:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(temp,"TTYPE");
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:1616:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(temp,"TFORM");
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:1634:13: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:1664:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(temp,"TUNIT");
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:1687:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(temp,"TDISP");
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:1700:13: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2023:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(temp,"TBCOL");
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2047:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(temp,"TNULL");
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2064:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(temp,"TSCAL");
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2094:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(temp,"TZERO");
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2118:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(temp,"TDIM");
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2133:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(temp,"THEAP");
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2195:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(temp,"TNULL");
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2225:13: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(errmes, " is not in the range of datatype B.");
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2233:13: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(errmes, " is not in the range of datatype I ");
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2239:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(temp,"TSCAL");
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2249:13: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2272:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(temp,"TZERO");
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2300:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(temp,"THEAP");
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2306:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2318:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errmes,"Column #%d: ",i);
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2328:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2337:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(temp,"TDIM");
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2348:13: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2470:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(temp,"NAXIS");
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2493:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(temp,"EPOCH");
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2506:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(temp,"DATE");
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2564:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(temp,"LONGSTRN");
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2568:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2665:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2797:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char hdutitle[64];
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2806:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(hdutitle," HDU %d: Primary Array ", curhdu);
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2811:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(hdutitle," HDU %d: Image Exten. ", curhdu);
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2814:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(hdutitle," HDU %d: ASCII Table ", curhdu);
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2817:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(hdutitle," HDU %d: BINARY Table ", curhdu);
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2820:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(hdutitle," HDU %d: Unknown Ext. ", curhdu);
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2840:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char htemp[100];
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2864:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char extver[10];
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2865:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char extnv[FLEN_VALUE];
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2873:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(comm," %d header keywords", hduptr->nkeys);
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2879:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(extver,"(%d)",hduptr->extver);
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2893:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(comm, " Col# Name (Units) Format");
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2901:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(comm," %3d %-20.20s %-10.10s",
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2908:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(comm, " %d Random Groups, ",hduptr->gcount);
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2912:21: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(temp," 8-bit integer pixels, ");
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2915:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(temp," 16-bit integer pixels, ");
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2918:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(temp," 16-bit unsigned integer pixels, ");
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2921:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(temp," 32-bit integer pixels, ");
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2924:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(temp," 64-bit long integer pixels, ");
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2927:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(temp," 32-bit unsigned integer pixels, ");
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2930:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(temp," 32-bit floating point pixels, ");
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2933:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(temp," 64-bit double precision pixels, ");
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2936:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(temp," unknown datatype, ");
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2941:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(temp," %d axes ",hduptr->naxis);
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2945:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(temp, "(%lld",hduptr->naxes[0]);
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2947:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(temp, "(%ld",hduptr->naxes[0]);
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2955:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(temp, " x %lld",hduptr->naxes[i]);
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2957:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(temp, " x %ld",hduptr->naxes[i]);
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2961:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(comm,"), ");
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2972:20: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(extver," (%d)",hduptr->extver);
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2980:21: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(temp," 8-bit integer pixels, ");
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2983:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(temp," 16-bit integer pixels, ");
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2986:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(temp," 16-bit unsigned integer pixels, ");
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2989:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(temp," 32-bit integer pixels, ");
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2992:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(temp," 64-bit long integer pixels, ");
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2995:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(temp," 32-bit unsigned integer pixels, ");
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2998:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(temp," 32-bit floating point pixels, ");
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:3001:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(temp," 64-bit double precision pixels, ");
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:3004:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(temp," unknown datatype, ");
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:3009:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(temp," %d axes ",hduptr->naxis);
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:3013:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(temp, "(%lld",hduptr->naxes[0]);
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:3015:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(temp, "(%ld",hduptr->naxes[0]);
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:3023:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(temp, " x %lld",hduptr->naxes[i]);
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:3025:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(temp, " x %ld",hduptr->naxes[i]);
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:3029:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(comm,"), ");
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:3033:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(comm," Null data array; NAXIS = 0 ");
data/astrometry.net-0.80+dfsg/blind/fvrf_key.c:19:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vind[3];
data/astrometry.net-0.80+dfsg/blind/fvrf_key.c:23:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp1[FLEN_CARD];
data/astrometry.net-0.80+dfsg/blind/fvrf_key.c:333:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[FLEN_CARD];
data/astrometry.net-0.80+dfsg/blind/fvrf_key.c:334:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char card[FLEN_CARD];
data/astrometry.net-0.80+dfsg/blind/fvrf_key.c:429:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[FLEN_CARD];
data/astrometry.net-0.80+dfsg/blind/fvrf_key.c:562:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(errmes," The value is entered as a string. ");
data/astrometry.net-0.80+dfsg/blind/fvrf_key.c:580:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(errmes," The value is entered as a string. ");
data/astrometry.net-0.80+dfsg/blind/fvrf_key.c:594:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(errmes," The value is entered as a string. ");
data/astrometry.net-0.80+dfsg/blind/fvrf_key.c:608:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(errmes," The value is entered as a string. ");
data/astrometry.net-0.80+dfsg/blind/fvrf_key.c:621:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(errmes," The value is entered as a string. ");
data/astrometry.net-0.80+dfsg/blind/fvrf_key.c:647:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_key.c:669:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_key.c:679:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_key.c:700:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_key.c:714:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_key.c:725:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errmes,
data/astrometry.net-0.80+dfsg/blind/fvrf_misc.c:18:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char temp[512];
data/astrometry.net-0.80+dfsg/blind/fvrf_misc.c:47:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(temp,"*** Warning: ");
data/astrometry.net-0.80+dfsg/blind/fvrf_misc.c:49:19: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if(isheasarc) strcat(temp," (HEASARC Convention)");
data/astrometry.net-0.80+dfsg/blind/fvrf_misc.c:67:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(temp,"*** Error: ");
data/astrometry.net-0.80+dfsg/blind/fvrf_misc.c:99:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ttemp[255];
data/astrometry.net-0.80+dfsg/blind/fvrf_misc.c:107:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(temp,"*** Error: ");
data/astrometry.net-0.80+dfsg/blind/fvrf_misc.c:143:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[20][80];
data/astrometry.net-0.80+dfsg/blind/fvrf_misc.c:152:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(temp,"*** Error: ");
data/astrometry.net-0.80+dfsg/blind/fvrf_misc.c:154:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(temp,"(from CFITSIO error stack:)");
data/astrometry.net-0.80+dfsg/blind/fvrf_misc.c:199:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[81];
data/astrometry.net-0.80+dfsg/blind/fvrf_misc.c:200:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char cont_fmt[80];
data/astrometry.net-0.80+dfsg/blind/fvrf_misc.c:207:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(cont_fmt,"%.67s\n");
data/astrometry.net-0.80+dfsg/blind/get-wcs.c:54:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ext = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/get-wcs.c:106:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fout = fopen(outfn, "wb");
data/astrometry.net-0.80+dfsg/blind/hpgrid.c:61:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Nside = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/hpowned.c:57:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Nside = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/hpowned.c:73:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int bighp = atoi(args[optind]);
data/astrometry.net-0.80+dfsg/blind/hpquads-main.c:89:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
dimquads = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/hpquads-main.c:92:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Nloosen = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/hpquads-main.c:95:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Nreuse = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/hpquads-main.c:98:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
passes = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/hpquads-main.c:101:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
id = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/hpquads-main.c:104:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Nside = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/hpquads.c:142:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tempdata + k*me->sort_size,
data/astrometry.net-0.80+dfsg/blind/hpquads.c:246:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[64];
data/astrometry.net-0.80+dfsg/blind/hpquads.c:247:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key, "PASS%i", i+1);
data/astrometry.net-0.80+dfsg/blind/hpquads.c:500:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[64];
data/astrometry.net-0.80+dfsg/blind/hpquads.c:511:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key, "PASS%i", pass+1);
data/astrometry.net-0.80+dfsg/blind/image2xy-main.c:86:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
params->Lorder = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/image2xy-main.c:95:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
params->maxsize = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/image2xy-main.c:108:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
plane = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/image2xy-main.c:111:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
params->halfbox = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/image2xy-main.c:132:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
extension = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/image2xy-main.c:135:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
downsample_as_reqd = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/image2xy-main.c:141:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
downsample = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/imcopy.c:29:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char card[81];
data/astrometry.net-0.80+dfsg/blind/keirthing.c:43:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
order = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/keirthing.c:46:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
W = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/keirthing.c:49:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
H = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/listhead.c:22:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char card[FLEN_CARD]; /* Standard string lengths defined in fitsio.h */
data/astrometry.net-0.80+dfsg/blind/liststruc.c:22:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char keyname[FLEN_KEYWORD], colname[FLEN_VALUE], coltype[FLEN_VALUE];
data/astrometry.net-0.80+dfsg/blind/local-index.c:102:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ip->Nloosen = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/local-index.c:105:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ip->Nreuse = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/local-index.c:108:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ip->passes = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/local-index.c:114:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ip->UNside = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/local-index.c:123:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ip->sweeps = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/local-index.c:129:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nhp = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/local-index.c:135:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ip->dimquads = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/local-index.c:138:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ip->indexid = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/matchfile.c:181:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(copy, mo, sizeof(MatchObj));
data/astrometry.net-0.80+dfsg/blind/matchobj.c:37:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(cur, " bail");
data/astrometry.net-0.80+dfsg/blind/matchobj.c:42:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(cur, " stopped");
data/astrometry.net-0.80+dfsg/blind/matchobj.c:52:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(cur, "(best)");
data/astrometry.net-0.80+dfsg/blind/merge-index.c:26:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fout = fopen(indexfn, "wb");
data/astrometry.net-0.80+dfsg/blind/modhead.c:22:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char card[FLEN_CARD], newcard[FLEN_CARD];
data/astrometry.net-0.80+dfsg/blind/modhead.c:23:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char oldvalue[FLEN_VALUE], comment[FLEN_COMMENT];
data/astrometry.net-0.80+dfsg/blind/modhead.c:74:25: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(newcard, " = "); /* '=' value delimiter */
data/astrometry.net-0.80+dfsg/blind/modhead.c:77:29: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(newcard, " / "); /* comment delimiter */
data/astrometry.net-0.80+dfsg/blind/modhead.c:81:29: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(newcard, " / "); /* comment delimiter */
data/astrometry.net-0.80+dfsg/blind/new-wcs-main.c:47:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
extension = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/new-wcs.c:62:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char err[256];
data/astrometry.net-0.80+dfsg/blind/new-wcs.c:84:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[FITS_LINESZ + 1];
data/astrometry.net-0.80+dfsg/blind/new-wcs.c:85:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char newkey[FITS_LINESZ + 1];
data/astrometry.net-0.80+dfsg/blind/new-wcs.c:86:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char val[FITS_LINESZ + 1];
data/astrometry.net-0.80+dfsg/blind/new-wcs.c:87:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comment[FITS_LINESZ + 1];
data/astrometry.net-0.80+dfsg/blind/new-wcs.c:92:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
outfid = fopen(outfn, "wb");
data/astrometry.net-0.80+dfsg/blind/new-wcs.c:121:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char err[256];
data/astrometry.net-0.80+dfsg/blind/new-wcs.c:132:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char err[256];
data/astrometry.net-0.80+dfsg/blind/new-wcs.c:161:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[FITS_LINESZ + 1];
data/astrometry.net-0.80+dfsg/blind/new-wcs.c:212:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[FITS_LINESZ + 1];
data/astrometry.net-0.80+dfsg/blind/new-wcs.c:270:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
infid = fopen(infn, "rb");
data/astrometry.net-0.80+dfsg/blind/onepixel.c:9:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char img[4];
data/astrometry.net-0.80+dfsg/blind/plot-constellations.c:330:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Nbright = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/plot-constellations.c:357:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
W = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/plot-constellations.c:360:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
H = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/plot-xy-and-quad.c:95:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
outW = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/plot-xy-and-quad.c:98:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
outH = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/plotannotations.c:365:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[16];
data/astrometry.net-0.80+dfsg/blind/plotannotations.c:377:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(label, "HD %i", entry->hd);
data/astrometry.net-0.80+dfsg/blind/plotgrid.c:286:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[32];
data/astrometry.net-0.80+dfsg/blind/plothealpix.c:120:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
args->nside = atoi(cmdargs);
data/astrometry.net-0.80+dfsg/blind/plothealpix.c:122:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
args->stepsize = atoi(cmdargs);
data/astrometry.net-0.80+dfsg/blind/plotimage.c:648:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
args->fitsext = atoi(cmdargs);
data/astrometry.net-0.80+dfsg/blind/plotindex.c:226:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
args->stars = atoi(cmdargs);
data/astrometry.net-0.80+dfsg/blind/plotindex.c:228:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
args->quads = atoi(cmdargs);
data/astrometry.net-0.80+dfsg/blind/plotindex.c:230:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
args->fill = atoi(cmdargs);
data/astrometry.net-0.80+dfsg/blind/plotquad.c:94:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
dimquads = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/plotquad.c:127:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
W = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/plotquad.c:130:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
H = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/plotquad.c:133:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
lw = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/plotradec.c:177:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
args->ext = atoi(cmdargs);
data/astrometry.net-0.80+dfsg/blind/plotradec.c:183:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
args->firstobj = atoi(cmdargs);
data/astrometry.net-0.80+dfsg/blind/plotradec.c:185:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
args->nobjs = atoi(cmdargs);
data/astrometry.net-0.80+dfsg/blind/plotstuff-main.c:165:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pargs.W = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/plotstuff-main.c:168:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pargs.H = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/plotstuff.c:990:27: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
pargs->fout = fopen(pargs->outfn, "wb");
data/astrometry.net-0.80+dfsg/blind/plotstuff.c:1187:27: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
pargs->fout = fopen(pargs->outfn, "wb");
data/astrometry.net-0.80+dfsg/blind/plotstuff_wrap.c:633:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char hex[17] = "0123456789abcdef";
data/astrometry.net-0.80+dfsg/blind/plotstuff_wrap.c:795:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newstr, cstr, len+1);
data/astrometry.net-0.80+dfsg/blind/plotstuff_wrap.c:1778:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[SWIG_BUFFER_SIZE];
data/astrometry.net-0.80+dfsg/blind/plotstuff_wrap.c:1789:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[SWIG_BUFFER_SIZE];
data/astrometry.net-0.80+dfsg/blind/plotstuff_wrap.c:1919:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pack, ptr, size);
data/astrometry.net-0.80+dfsg/blind/plotstuff_wrap.c:1937:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, sobj->pack, size);
data/astrometry.net-0.80+dfsg/blind/plotstuff_wrap.c:2481:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mesg[256];
data/astrometry.net-0.80+dfsg/blind/plotstuff_wrap.c:2954:20: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
*cptr = (char *)memcpy(malloc((len + 1)*sizeof(char)), cstr, sizeof(char)*(len + 1));
data/astrometry.net-0.80+dfsg/blind/plotstuff_wrap.c:2996:27: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
*cptr = (char *)memcpy(malloc((len + 1)*sizeof(char)), cstr, sizeof(char)*(len + 1));
data/astrometry.net-0.80+dfsg/blind/plotstuff_wrap.c:3139:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (csize) memcpy(val, cptr, csize*sizeof(char));
data/astrometry.net-0.80+dfsg/blind/plotstuff_wrap.c:3418:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(self->img + 4*i, src + 4*i, 4);
data/astrometry.net-0.80+dfsg/blind/plotstuff_wrap.c:3420:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(self->img + 4*i, src + 3*i, 3);
data/astrometry.net-0.80+dfsg/blind/plotstuff_wrap.c:3648:35: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
arg1->outfn = (char *)(char *)memcpy(malloc((size)*sizeof(char)), (const char *)(arg2), sizeof(char)*(size));
data/astrometry.net-0.80+dfsg/blind/plotstuff_wrap.c:5526:34: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
arg1->name = (char *)(char *)memcpy(malloc((size)*sizeof(char)), (const char *)(arg2), sizeof(char)*(size));
data/astrometry.net-0.80+dfsg/blind/plotstuff_wrap.c:8370:44: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
arg1->filename = (char const *)(char *)memcpy(malloc((size)*sizeof(char)), arg2, sizeof(char)*(size));
data/astrometry.net-0.80+dfsg/blind/plotstuff_wrap.c:10154:32: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
arg1->fn = (char *)(char *)memcpy(malloc((size)*sizeof(char)), (const char *)(arg2), sizeof(char)*(size));
data/astrometry.net-0.80+dfsg/blind/plotstuff_wrap.c:11922:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char temp4[3] ;
data/astrometry.net-0.80+dfsg/blind/plotstuff_wrap.c:13375:38: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
arg1->raformat = (char *)(char *)memcpy(malloc((size)*sizeof(char)), (const char *)(arg2), sizeof(char)*(size));
data/astrometry.net-0.80+dfsg/blind/plotstuff_wrap.c:13436:39: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
arg1->decformat = (char *)(char *)memcpy(malloc((size)*sizeof(char)), (const char *)(arg2), sizeof(char)*(size));
data/astrometry.net-0.80+dfsg/blind/plotstuff_wrap.c:14718:32: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
arg1->fn = (char *)(char *)memcpy(malloc((size)*sizeof(char)), (const char *)(arg2), sizeof(char)*(size));
data/astrometry.net-0.80+dfsg/blind/plotstuff_wrap.c:14831:34: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
arg1->xcol = (char *)(char *)memcpy(malloc((size)*sizeof(char)), (const char *)(arg2), sizeof(char)*(size));
data/astrometry.net-0.80+dfsg/blind/plotstuff_wrap.c:14892:34: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
arg1->ycol = (char *)(char *)memcpy(malloc((size)*sizeof(char)), (const char *)(arg2), sizeof(char)*(size));
data/astrometry.net-0.80+dfsg/blind/plotstuff_wrap.c:15819:32: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
arg1->fn = (char *)(char *)memcpy(malloc((size)*sizeof(char)), (const char *)(arg2), sizeof(char)*(size));
data/astrometry.net-0.80+dfsg/blind/plotstuff_wrap.c:15932:35: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
arg1->racol = (char *)(char *)memcpy(malloc((size)*sizeof(char)), (const char *)(arg2), sizeof(char)*(size));
data/astrometry.net-0.80+dfsg/blind/plotstuff_wrap.c:15993:36: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
arg1->deccol = (char *)(char *)memcpy(malloc((size)*sizeof(char)), (const char *)(arg2), sizeof(char)*(size));
data/astrometry.net-0.80+dfsg/blind/plotstuff_wrap.c:17766:40: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
arg1->hd_catalog = (char *)(char *)memcpy(malloc((size)*sizeof(char)), (const char *)(arg2), sizeof(char)*(size));
data/astrometry.net-0.80+dfsg/blind/plotstuff_wrap.c:19913:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(gv->name, name, size);
data/astrometry.net-0.80+dfsg/blind/plotstuff_wrap.c:19994:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buff, methods[i].ml_doc, ldoc);
data/astrometry.net-0.80+dfsg/blind/plotstuff_wrap.c:19996:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buff, "swig_ptr: ", 10);
data/astrometry.net-0.80+dfsg/blind/plotxy-main.c:131:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pargs.W = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/plotxy-main.c:134:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pargs.H = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/plotxy-main.c:137:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
xy->firstobj = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/plotxy-main.c:140:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
xy->nobjs = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/plotxy-main.c:143:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
xy->ext = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/plotxy.c:228:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
args->ext = atoi(cmdargs);
data/astrometry.net-0.80+dfsg/blind/plotxy.c:238:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
args->firstobj = atoi(cmdargs);
data/astrometry.net-0.80+dfsg/blind/plotxy.c:240:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
args->nobjs = atoi(cmdargs);
data/astrometry.net-0.80+dfsg/blind/printsolved.c:72:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
maxfield = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/quad-builder.c:247:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pq->inbox, qb->inbox, ninbox * sizeof(int));
data/astrometry.net-0.80+dfsg/blind/quadscales.c:48:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Nbins = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/quadscales.c:63:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fixed_basename[256];
data/astrometry.net-0.80+dfsg/blind/randcat.c:35:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
RANDSEED = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/rdls2hpls.c:32:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
hpf = fopen(outfn, "w");
data/astrometry.net-0.80+dfsg/blind/rdlstohealpix.c:45:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Nside = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/resort-xylist.c:48:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fin = fopen(infn, "rb");
data/astrometry.net-0.80+dfsg/blind/resort-xylist.c:54:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fout = fopen(outfn, "wb");
data/astrometry.net-0.80+dfsg/blind/solve-field.c:550:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rastr[32], decstr[32];
data/astrometry.net-0.80+dfsg/blind/solve-field.c:654:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char val[32];
data/astrometry.net-0.80+dfsg/blind/solve-field.c:659:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(val, "%i", axy->W);
data/astrometry.net-0.80+dfsg/blind/solve-field.c:661:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(val, "%i", axy->H);
data/astrometry.net-0.80+dfsg/blind/solve-field.c:994:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(axy, allaxy, sizeof(augment_xylist_t));
data/astrometry.net-0.80+dfsg/blind/solve-field.c:999:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fnbuf[1024];
data/astrometry.net-0.80+dfsg/blind/solvedfile.c:30:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(fn, "rb");
data/astrometry.net-0.80+dfsg/blind/solvedfile.c:52:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(fn, "rb");
data/astrometry.net-0.80+dfsg/blind/solvedfile.c:90:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(fn, "rb");
data/astrometry.net-0.80+dfsg/blind/solvedfile.c:163:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = open(fn, O_WRONLY | O_CREAT, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH);
data/astrometry.net-0.80+dfsg/blind/solvedfile.c:204:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = open(fn, O_WRONLY | O_CREAT | O_SYNC, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH);
data/astrometry.net-0.80+dfsg/blind/solvedfile.c:238:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(fn, "wb");
data/astrometry.net-0.80+dfsg/blind/solvedfile.c:260:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = open(fn, O_WRONLY | O_CREAT | O_SYNC, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH);
data/astrometry.net-0.80+dfsg/blind/solver.c:166:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&startsip, verifysip, sizeof(sip_t));
data/astrometry.net-0.80+dfsg/blind/solver.c:206:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(mo->wcstan), &(mo->sip->wcstan), sizeof(tan_t));
data/astrometry.net-0.80+dfsg/blind/solver.c:356:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mo, solver->mo_template, sizeof(MatchObj));
data/astrometry.net-0.80+dfsg/blind/solver.c:462:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(mo.wcstan), &(sip->wcstan), sizeof(tan_t));
data/astrometry.net-0.80+dfsg/blind/solver.c:1335:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(mo.wcstan), &wcs, sizeof(tan_t));
data/astrometry.net-0.80+dfsg/blind/solver.c:1353:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mo.quadpix, field_xy, 2 * dimquads * sizeof(double));
data/astrometry.net-0.80+dfsg/blind/solver.c:1354:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mo.quadxyz, starxyz, 3 * dimquads * sizeof(double));
data/astrometry.net-0.80+dfsg/blind/solver.c:1491:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(matchxyz + 3*Ngood, mo->refxyz + 3*mo->theta[i],
data/astrometry.net-0.80+dfsg/blind/solver.c:1509:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(sip->wcstan), &(mo->wcstan), sizeof(tan_t));
data/astrometry.net-0.80+dfsg/blind/solver.c:1591:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(mo->wcstan), &wcs3, sizeof(tan_t));
data/astrometry.net-0.80+dfsg/blind/solver.c:1620:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&sp->best_match, mo, sizeof(MatchObj));
data/astrometry.net-0.80+dfsg/blind/spike_join.c:60:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char val[32];
data/astrometry.net-0.80+dfsg/blind/spike_join.c:83:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
inFid = fopen(argv[1], "r");
data/astrometry.net-0.80+dfsg/blind/spike_join.c:84:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
outFid = fopen(argv[2], "w");
data/astrometry.net-0.80+dfsg/blind/startree-main.c:197:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fid = fopen(skdtfn, "r+b");
data/astrometry.net-0.80+dfsg/blind/startree.c:223:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[16];
data/astrometry.net-0.80+dfsg/blind/startree.c:225:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key, "SWEEP%i", i);
data/astrometry.net-0.80+dfsg/blind/subwcs.c:59:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ext = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/tablist.c:39:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *val, value[1000], nullstr[]="*";
data/astrometry.net-0.80+dfsg/blind/tablist.c:40:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char keyword[FLEN_KEYWORD], colname[FLEN_VALUE];
data/astrometry.net-0.80+dfsg/blind/tablist.c:81:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
max_linewidth = atoi(argv[i+1]);
data/astrometry.net-0.80+dfsg/blind/tablist.c:161:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/astrometry.net-0.80+dfsg/blind/test-solver-2.c:191:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(flatwanted+i*4, wanted4[i], itemsize);
data/astrometry.net-0.80+dfsg/blind/test-solver-2.c:202:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(flatwanted+i*5, wanted5[i], itemsize);
data/astrometry.net-0.80+dfsg/blind/test-solver-2.c:210:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(flatwanted+i*3, wanted3[i], itemsize);
data/astrometry.net-0.80+dfsg/blind/test-solver-2.c:228:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(flatwanted+i*4, wanted4b[i], itemsize);
data/astrometry.net-0.80+dfsg/blind/test-solver-2.c:237:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(flatwanted+i*3, wanted3b[i], itemsize);
data/astrometry.net-0.80+dfsg/blind/test-solver-2.c:246:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(flatwanted+i*5, wanted5b[i], itemsize);
data/astrometry.net-0.80+dfsg/blind/test-solver.c:55:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sorted, fieldstars, dimquad * sizeof(int));
data/astrometry.net-0.80+dfsg/blind/tweak-main.c:309:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outfn[32];
data/astrometry.net-0.80+dfsg/blind/tweak-main.c:315:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outfn, "tweak-%03i.png", j);
data/astrometry.net-0.80+dfsg/blind/tweak.c:356:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(t->a_ref, a, n*sizeof(double));
data/astrometry.net-0.80+dfsg/blind/tweak.c:357:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(t->d_ref, d, n*sizeof(double));
data/astrometry.net-0.80+dfsg/blind/tweak.c:413:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(t->xyz_ref, xyz, 3*n*sizeof(double));
data/astrometry.net-0.80+dfsg/blind/tweak.c:463:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data_image, t->xyz, 3*t->n*sizeof(double));
data/astrometry.net-0.80+dfsg/blind/tweak.c:464:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data_ref, t->xyz_ref, 3*t->n_ref*sizeof(double));
data/astrometry.net-0.80+dfsg/blind/tweak.c:620:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(t->sip, &sipout, sizeof(sip_t));
data/astrometry.net-0.80+dfsg/blind/tweak.c:777:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(t->sip->wcstan), wcs, sizeof(tan_t));
data/astrometry.net-0.80+dfsg/blind/tweak2.c:139:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[32];
data/astrometry.net-0.80+dfsg/blind/tweak2.c:140:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(label, "%i", i);
data/astrometry.net-0.80+dfsg/blind/tweak2.c:170:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char fn[256];
data/astrometry.net-0.80+dfsg/blind/tweak2.c:229:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(qc, quadcenter, 2*sizeof(double));
data/astrometry.net-0.80+dfsg/blind/tweak2.c:247:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sipout, startwcs, sizeof(sip_t));
data/astrometry.net-0.80+dfsg/blind/tweak2.c:388:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[32];
data/astrometry.net-0.80+dfsg/blind/tweak2.c:389:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name, "o%is%02ipre", order, step);
data/astrometry.net-0.80+dfsg/blind/tweak2.c:409:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(matchxy + Nmatch*2, fieldxy + i*2, 2*sizeof(double));
data/astrometry.net-0.80+dfsg/blind/uniformize-catalog-main.c:79:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bighp = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/uniformize-catalog-main.c:82:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bignside = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/uniformize-catalog-main.c:85:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sweeps = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/uniformize-catalog-main.c:88:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Nside = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/uniformize-catalog-main.c:94:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
margin = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/uniformize-catalog.c:374:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[64];
data/astrometry.net-0.80+dfsg/blind/uniformize-catalog.c:375:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key, "SWEEP%i", (k+1));
data/astrometry.net-0.80+dfsg/blind/unpermute-quads.c:106:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(treeout->tree, treein->tree, sizeof(kdtree_t));
data/astrometry.net-0.80+dfsg/blind/unpermute-stars.c:139:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(treeout->tree, treein->tree, sizeof(kdtree_t));
data/astrometry.net-0.80+dfsg/blind/unpermute-stars.c:167:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[16];
data/astrometry.net-0.80+dfsg/blind/unpermute-stars.c:169:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key, "SWEEP%i", i);
data/astrometry.net-0.80+dfsg/blind/verify.c:264:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(v->testperm + igood, v->tbadguys, ibad * sizeof(int));
data/astrometry.net-0.80+dfsg/blind/verify.c:389:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(v->testperm + igood, v->tbadguys, ibad * sizeof(int));
data/astrometry.net-0.80+dfsg/blind/verify.c:429:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(v->refperm + igood, v->badguys, ibad * sizeof(int));
data/astrometry.net-0.80+dfsg/blind/verify.c:1024:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(mo.wcstan), &(sip->wcstan), sizeof(tan_t));
data/astrometry.net-0.80+dfsg/blind/verify.c:1363:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(v->refperm + igood, v->badguys, ibad * sizeof(int));
data/astrometry.net-0.80+dfsg/blind/verify.c:1516:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->refxyz, mo->refxyz, mo->nindex * 3 * sizeof(double));
data/astrometry.net-0.80+dfsg/blind/verify.c:1520:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->refxy, mo->refxy, mo->nindex * 2 * sizeof(double));
data/astrometry.net-0.80+dfsg/blind/verify.c:1524:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->refstarid, mo->refstarid, mo->nindex * sizeof(int));
data/astrometry.net-0.80+dfsg/blind/verify.c:1528:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->matchodds, mo->matchodds, mo->nfield * sizeof(double));
data/astrometry.net-0.80+dfsg/blind/verify.c:1532:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->theta, mo->theta, mo->nfield * sizeof(int));
data/astrometry.net-0.80+dfsg/blind/verify.c:1682:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(v.testperm + igood, v.tbadguys, ibad * sizeof(int));
data/astrometry.net-0.80+dfsg/blind/verify.c:1721:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(v.refperm + igood, v.badguys, ibad * sizeof(int));
data/astrometry.net-0.80+dfsg/blind/verify2.c:93:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(refcopy, refxys, 2 * NR * sizeof(double));
data/astrometry.net-0.80+dfsg/blind/wcs-grab.c:53:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ext = atoi(args[optind+1]);
data/astrometry.net-0.80+dfsg/blind/whynot.c:384:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fxycopy, fieldxy, Nfield * 2 * sizeof(double));
data/astrometry.net-0.80+dfsg/blind/whynot.c:956:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&mo.wcstan, &wcs, sizeof(tan_t));
data/astrometry.net-0.80+dfsg/blind/whynot.c:979:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(fq.mo), &mo, sizeof(MatchObj));
data/astrometry.net-0.80+dfsg/catalogs/2masstofits.c:51:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Nside = atoi(optarg);
data/astrometry.net-0.80+dfsg/catalogs/2masstofits.c:82:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[1024];
data/astrometry.net-0.80+dfsg/catalogs/2masstofits.c:116:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[256];
data/astrometry.net-0.80+dfsg/catalogs/build-hd-tree.c:279:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(crossfn, "rb");
data/astrometry.net-0.80+dfsg/catalogs/build-hd-tree.c:288:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/astrometry.net-0.80+dfsg/catalogs/build-hd-tree.c:327:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(infn, "rb");
data/astrometry.net-0.80+dfsg/catalogs/build-hd-tree.c:343:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/astrometry.net-0.80+dfsg/catalogs/grab-stellarium-constellations.c:93:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[256];
data/astrometry.net-0.80+dfsg/catalogs/grab-stellarium-constellations.c:96:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fconst = fopen(fn, "rb");
data/astrometry.net-0.80+dfsg/catalogs/grab-stellarium-constellations.c:106:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[256];
data/astrometry.net-0.80+dfsg/catalogs/grab-stellarium-constellations.c:109:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fhip = fopen(fn, "rb");
data/astrometry.net-0.80+dfsg/catalogs/grab-stellarium-constellations.c:136:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char shortname[16];
data/astrometry.net-0.80+dfsg/catalogs/nomadtofits.c:60:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Nside = atoi(optarg);
data/astrometry.net-0.80+dfsg/catalogs/nomadtofits.c:103:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fid = fopen(infn, "rb");
data/astrometry.net-0.80+dfsg/catalogs/nomadtofits.c:165:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[256];
data/astrometry.net-0.80+dfsg/catalogs/openngc.c:65:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
num = atoi(cptr);
data/astrometry.net-0.80+dfsg/catalogs/openngc.c:73:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nsname[256];
data/astrometry.net-0.80+dfsg/catalogs/read_nomad.c:44:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fid = fopen(infn, "rb");
data/astrometry.net-0.80+dfsg/catalogs/tycho2.c:18:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/astrometry.net-0.80+dfsg/catalogs/tycho2.c:28:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/astrometry.net-0.80+dfsg/catalogs/tycho2.c:38:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/astrometry.net-0.80+dfsg/catalogs/tycho2.c:56:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/astrometry.net-0.80+dfsg/catalogs/tycho2tofits.c:55:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Nside = atoi(optarg);
data/astrometry.net-0.80+dfsg/catalogs/tycho2tofits.c:99:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fid = fopen(infn, "rb");
data/astrometry.net-0.80+dfsg/catalogs/tycho2tofits.c:164:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[256];
data/astrometry.net-0.80+dfsg/catalogs/tycho2tostellarium.c:76:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fout = fopen(outfn, "wb");
data/astrometry.net-0.80+dfsg/catalogs/ucac3tofits.c:67:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Nside = atoi(optarg);
data/astrometry.net-0.80+dfsg/catalogs/ucac3tofits.c:109:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fid = fopen(infn, "rb");
data/astrometry.net-0.80+dfsg/catalogs/ucac3tofits.c:123:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[UCAC3_RECORD_SIZE];
data/astrometry.net-0.80+dfsg/catalogs/ucac3tofits.c:141:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[256];
data/astrometry.net-0.80+dfsg/catalogs/ucac4tofits.c:67:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Nside = atoi(optarg);
data/astrometry.net-0.80+dfsg/catalogs/ucac4tofits.c:109:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fid = fopen(infn, "rb");
data/astrometry.net-0.80+dfsg/catalogs/ucac4tofits.c:123:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[UCAC4_RECORD_SIZE];
data/astrometry.net-0.80+dfsg/catalogs/ucac4tofits.c:141:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[256];
data/astrometry.net-0.80+dfsg/catalogs/usnob-fits.c:67:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char field[256];
data/astrometry.net-0.80+dfsg/catalogs/usnob-fits.c:68:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(field, "MAGNITUDE_%i", ob);
data/astrometry.net-0.80+dfsg/catalogs/usnob-fits.c:70:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(field, "FIELD_%i", ob);
data/astrometry.net-0.80+dfsg/catalogs/usnob-fits.c:72:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(field, "SURVEY_%i", ob);
data/astrometry.net-0.80+dfsg/catalogs/usnob-fits.c:74:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(field, "STAR_GALAXY_%i", ob);
data/astrometry.net-0.80+dfsg/catalogs/usnob-fits.c:76:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(field, "XI_RESIDUAL_%i", ob);
data/astrometry.net-0.80+dfsg/catalogs/usnob-fits.c:78:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(field, "ETA_RESIDUAL_%i", ob);
data/astrometry.net-0.80+dfsg/catalogs/usnob-fits.c:80:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(field, "CALIBRATION_%i", ob);
data/astrometry.net-0.80+dfsg/catalogs/usnob-fits.c:82:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(field, "PMM_%i", ob);
data/astrometry.net-0.80+dfsg/catalogs/usnob-scamp-catalog.c:65:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nside = atoi(optarg);
data/astrometry.net-0.80+dfsg/catalogs/usnobtofits.c:62:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Nside = atoi(optarg);
data/astrometry.net-0.80+dfsg/catalogs/usnobtofits.c:117:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fid = fopen(infn, "rb");
data/astrometry.net-0.80+dfsg/catalogs/usnobtofits.c:175:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[256];
data/astrometry.net-0.80+dfsg/include/astrometry/2mass.h:36:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char designation[18];
data/astrometry.net-0.80+dfsg/include/astrometry/matchobj.h:76:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fieldname[32];
data/astrometry.net-0.80+dfsg/include/astrometry/qfits_table.h:145:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tlabel[FITSVALSZ];
data/astrometry.net-0.80+dfsg/include/astrometry/qfits_table.h:148:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tunit[FITSVALSZ];
data/astrometry.net-0.80+dfsg/include/astrometry/qfits_table.h:151:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nullval[FITSVALSZ];
data/astrometry.net-0.80+dfsg/include/astrometry/qfits_table.h:154:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tdisp[FITSVALSZ];
data/astrometry.net-0.80+dfsg/include/astrometry/qfits_table.h:212:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[512];
data/astrometry.net-0.80+dfsg/include/astrometry/tycho2.h:98:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hip_ccdm[4]; // (up to three chars; null-terminated.)
data/astrometry.net-0.80+dfsg/libkd/fix-bb.c:139:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[FITS_LINESZ+1];
data/astrometry.net-0.80+dfsg/libkd/fix-bb.c:140:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char val[FITS_LINESZ+1];
data/astrometry.net-0.80+dfsg/libkd/fix-bb.c:141:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char com[FITS_LINESZ+1];
data/astrometry.net-0.80+dfsg/libkd/fix-bb.c:158:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fin = fopen(infn, "rb");
data/astrometry.net-0.80+dfsg/libkd/fix-bb.c:163:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fout = fopen(outfn, "ab");
data/astrometry.net-0.80+dfsg/libkd/kdtree.c:254:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, kd->data.d + start*D,
data/astrometry.net-0.80+dfsg/libkd/kdtree.c:298:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[256];
data/astrometry.net-0.80+dfsg/libkd/kdtree.c:396:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(kd->minval, low, D * sizeof(double));
data/astrometry.net-0.80+dfsg/libkd/kdtree.c:397:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(kd->maxval, high, D * sizeof(double));
data/astrometry.net-0.80+dfsg/libkd/kdtree_fits_io.c:39:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[FITS_LINESZ+1];
data/astrometry.net-0.80+dfsg/libkd/kdtree_internal.c:1424:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, kd->data.DTYPE + start*D, N*D*sizeof(etype));
data/astrometry.net-0.80+dfsg/libkd/kdtree_internal.c:1502:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(parr + l, tmpparr, (size_t)N*(size_t)sizeof(int));
data/astrometry.net-0.80+dfsg/libkd/kdtree_internal.c:1528:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmpdata, KD_ARRAY_REF(arr, D, il, 0), D*sizeof(dtype)); \
data/astrometry.net-0.80+dfsg/libkd/kdtree_internal.c:1529:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(KD_ARRAY_REF(arr, D, il, 0), KD_ARRAY_REF(arr, D, ir, 0), D*sizeof(dtype)); \
data/astrometry.net-0.80+dfsg/libkd/kdtree_internal.c:1530:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(KD_ARRAY_REF(arr, D, ir, 0), tmpdata, D*sizeof(dtype)); }}
data/astrometry.net-0.80+dfsg/libkd/kdtree_internal.c:1538:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmpdata, KD_ARRAY_REF(arr, D, iC, 0), D*sizeof(dtype)); \
data/astrometry.net-0.80+dfsg/libkd/kdtree_internal.c:1539:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(KD_ARRAY_REF(arr, D, iC, 0), KD_ARRAY_REF(arr, D, iB, 0), D*sizeof(dtype)); \
data/astrometry.net-0.80+dfsg/libkd/kdtree_internal.c:1540:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(KD_ARRAY_REF(arr, D, iB, 0), KD_ARRAY_REF(arr, D, iA, 0), D*sizeof(dtype)); \
data/astrometry.net-0.80+dfsg/libkd/kdtree_internal.c:1541:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(KD_ARRAY_REF(arr, D, iA, 0), tmpdata, D*sizeof(dtype)); }
data/astrometry.net-0.80+dfsg/libkd/kdtree_internal.c:2176:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(kd->minval, minval, D*sizeof(double));
data/astrometry.net-0.80+dfsg/libkd/kdtree_internal.c:2180:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(kd->maxval, maxval, D*sizeof(double));
data/astrometry.net-0.80+dfsg/libkd/kdtree_internal_fits.c:317:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tempranges, kd->minval, kd->ndim * sizeof(double));
data/astrometry.net-0.80+dfsg/libkd/kdtree_internal_fits.c:318:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tempranges + kd->ndim, kd->maxval, kd->ndim * sizeof(double));
data/astrometry.net-0.80+dfsg/libkd/test-quickselect.c:63:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmpdata, arr+(il)*D, D*sizeof(dtype)); \
data/astrometry.net-0.80+dfsg/libkd/test-quickselect.c:64:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(arr+(il)*D, arr+(ir)*D, D*sizeof(dtype)); \
data/astrometry.net-0.80+dfsg/libkd/test-quickselect.c:65:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(arr+(ir)*D, tmpdata, D*sizeof(dtype)); }}
data/astrometry.net-0.80+dfsg/libkd/test-quickselect.c:73:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmpdata, arr+(iC)*D, D*sizeof(dtype)); \
data/astrometry.net-0.80+dfsg/libkd/test-quickselect.c:74:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(arr+(iC)*D, arr+(iB)*D, D*sizeof(dtype)); \
data/astrometry.net-0.80+dfsg/libkd/test-quickselect.c:75:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(arr+(iB)*D, arr+(iA)*D, D*sizeof(dtype)); \
data/astrometry.net-0.80+dfsg/libkd/test-quickselect.c:76:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(arr+(iA)*D, tmpdata, D*sizeof(dtype)); }
data/astrometry.net-0.80+dfsg/libkd/test_libkd.c:280:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(treedata, origdata, N*D*sizeof(double));
data/astrometry.net-0.80+dfsg/libkd/test_libkd.c:343:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(treedata, origdata, N*D*sizeof(double));
data/astrometry.net-0.80+dfsg/libkd/test_libkd_io.c:134:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[1024];
data/astrometry.net-0.80+dfsg/libkd/test_libkd_io.c:143:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fn, "/tmp/test_libkd_io_single_tree_unnamed.XXXXXX");
data/astrometry.net-0.80+dfsg/libkd/test_libkd_io.c:144:10: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
fd = mkstemp(fn);
data/astrometry.net-0.80+dfsg/libkd/test_libkd_io.c:170:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[1024];
data/astrometry.net-0.80+dfsg/libkd/test_libkd_io.c:180:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fn, "/tmp/test_libkd_io_single_tree_named.XXXXXX");
data/astrometry.net-0.80+dfsg/libkd/test_libkd_io.c:181:10: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
fd = mkstemp(fn);
data/astrometry.net-0.80+dfsg/libkd/test_libkd_io.c:218:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[1024];
data/astrometry.net-0.80+dfsg/libkd/test_libkd_io.c:235:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fn, "/tmp/test_libkd_io_two_trees.XXXXXX");
data/astrometry.net-0.80+dfsg/libkd/test_libkd_io.c:236:10: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
fd = mkstemp(fn);
data/astrometry.net-0.80+dfsg/qfits-an/anqfits.c:547:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fid = fopen(qf->filename, "rb");
data/astrometry.net-0.80+dfsg/qfits-an/anqfits.c:603:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tout, t, sizeof(anqfits_image_t));
data/astrometry.net-0.80+dfsg/qfits-an/anqfits.c:706:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char getval_buf[FITS_LINESZ+1];
data/astrometry.net-0.80+dfsg/qfits-an/anqfits.c:707:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char getkey_buf[FITS_LINESZ+1];
data/astrometry.net-0.80+dfsg/qfits-an/anqfits.c:708:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char getcom_buf[FITS_LINESZ+1];
data/astrometry.net-0.80+dfsg/qfits-an/anqfits.c:709:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line_buf[FITS_LINESZ+1];
data/astrometry.net-0.80+dfsg/qfits-an/anqfits.c:727:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(line_buf, line, FITS_LINESZ);
data/astrometry.net-0.80+dfsg/qfits-an/anqfits.c:752:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[32];
data/astrometry.net-0.80+dfsg/qfits-an/anqfits.c:754:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key, "NAXIS%i", i+1);
data/astrometry.net-0.80+dfsg/qfits-an/anqfits.c:782:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[FITS_BLOCK_SIZE];
data/astrometry.net-0.80+dfsg/qfits-an/anqfits.c:800:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fin=fopen(filename, "r");
data/astrometry.net-0.80+dfsg/qfits-an/anqfits.c:1161:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(qf->filename, "rb");
data/astrometry.net-0.80+dfsg/qfits-an/anqfits.c:1235:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(inlinebuf, rowstart, (off_t)img->bpp * (off_t)(x1-x0));
data/astrometry.net-0.80+dfsg/qfits-an/anqfits.c:1247:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(outrowstart, inlinebuf, outrowsize);
data/astrometry.net-0.80+dfsg/qfits-an/md5.c:131:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void MD5Final(unsigned char digest[16], struct MD5Context *ctx)
data/astrometry.net-0.80+dfsg/qfits-an/md5.h:10:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char in[64];
data/astrometry.net-0.80+dfsg/qfits-an/md5.h:18:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void MD5Final(unsigned char digest[16], struct MD5Context *context);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_card.c:96:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cval[81];
data/astrometry.net-0.80+dfsg/qfits-an/qfits_card.c:97:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cval2[81];
data/astrometry.net-0.80+dfsg/qfits-an/qfits_card.c:98:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cval_q[81];
data/astrometry.net-0.80+dfsg/qfits-an/qfits_card.c:99:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ccom[81];
data/astrometry.net-0.80+dfsg/qfits-an/qfits_card.c:100:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char safe_line[512];
data/astrometry.net-0.80+dfsg/qfits-an/qfits_card.c:112:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(line, "END");
data/astrometry.net-0.80+dfsg/qfits-an/qfits_card.c:138:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (com==NULL) strcpy(ccom, "no comment");
data/astrometry.net-0.80+dfsg/qfits-an/qfits_card.c:213:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(key, " ");
data/astrometry.net-0.80+dfsg/qfits-an/qfits_card.c:218:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(key, "HISTORY");
data/astrometry.net-0.80+dfsg/qfits-an/qfits_card.c:222:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(key, "COMMENT");
data/astrometry.net-0.80+dfsg/qfits-an/qfits_card.c:226:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(key, "END");
data/astrometry.net-0.80+dfsg/qfits-an/qfits_card.c:231:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(key, "CONTINUE");
data/astrometry.net-0.80+dfsg/qfits-an/qfits_card.c:271:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char key[81];
data/astrometry.net-0.80+dfsg/qfits-an/qfits_card.c:374:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char value[81];
data/astrometry.net-0.80+dfsg/qfits-an/qfits_card.c:459:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char comment[81];
data/astrometry.net-0.80+dfsg/qfits-an/qfits_card.c:468:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ws[81];
data/astrometry.net-0.80+dfsg/qfits-an/qfits_card.c:479:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(expanded, "HIERARCH ESO");
data/astrometry.net-0.80+dfsg/qfits-an/qfits_card.c:512:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char expanded[81];
data/astrometry.net-0.80+dfsg/qfits-an/qfits_error.c:94:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[QFITS_ERR_MSGSIZE];
data/astrometry.net-0.80+dfsg/qfits-an/qfits_error.c:95:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char all[QFITS_ERR_MSGSIZE];
data/astrometry.net-0.80+dfsg/qfits-an/qfits_error.c:112:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[QFITS_ERR_MSGSIZE];
data/astrometry.net-0.80+dfsg/qfits-an/qfits_error.c:113:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char all[QFITS_ERR_MSGSIZE];
data/astrometry.net-0.80+dfsg/qfits-an/qfits_float.c:196:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&f, fnan_pat, 4);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_float.c:197:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&d, dnan_pat, 8);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_float.c:210:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&f, finf_pat, 4);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_float.c:211:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&d, dinf_pat, 8);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_float.c:224:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&f, fminf_pat, 4);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_float.c:225:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&d, dminf_pat, 8);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_header.c:332:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char exp_after[FITS_LINESZ+1];
data/astrometry.net-0.80+dfsg/qfits-an/qfits_header.c:408:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char xkey[FITS_LINESZ];
data/astrometry.net-0.80+dfsg/qfits-an/qfits_header.c:451:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char xkey[FITS_LINESZ+1];
data/astrometry.net-0.80+dfsg/qfits-an/qfits_header.c:616:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char xkey[FITS_LINESZ+1];
data/astrometry.net-0.80+dfsg/qfits-an/qfits_header.c:775:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(k->lin, lin, 80);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_header.c:800:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char xkey[FITS_LINESZ+1];
data/astrometry.net-0.80+dfsg/qfits-an/qfits_header.c:952:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[81];
data/astrometry.net-0.80+dfsg/qfits-an/qfits_header.c:985:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[81];
data/astrometry.net-0.80+dfsg/qfits-an/qfits_header.c:1030:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char xkey[FITS_LINESZ+1];
data/astrometry.net-0.80+dfsg/qfits-an/qfits_header.c:1183:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char blankline[81];
data/astrometry.net-0.80+dfsg/qfits-an/qfits_header.c:1191:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(line, k->lin, 80);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_image.c:198:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_out = fopen(qd->filename, "a");
data/astrometry.net-0.80+dfsg/qfits-an/qfits_image.c:297:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(op, buf, npix * sizeof(float));
data/astrometry.net-0.80+dfsg/qfits-an/qfits_image.c:316:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(op, &dpix, 8);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_image.c:382:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(op, &spix, 2);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_image.c:389:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(op, buf, npix * sizeof(int));
data/astrometry.net-0.80+dfsg/qfits-an/qfits_image.c:405:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(op, &fpix, 4);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_image.c:417:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(op, &dpix, 8);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_image.c:483:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(op, &spix, 2);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_image.c:501:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(op, &lpix, 4);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_image.c:513:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(op, &fpix, 4);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_image.c:520:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(op, buf, npix * 8);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_md5.c:83:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char datamd5[MD5HASHSZ+1];
data/astrometry.net-0.80+dfsg/qfits-an/qfits_md5.c:85:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char digest[16];
data/astrometry.net-0.80+dfsg/qfits-an/qfits_md5.c:87:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[FITS_BLOCK_SIZE];
data/astrometry.net-0.80+dfsg/qfits-an/qfits_md5.c:96:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((in=fopen(filename, "r"))==NULL) {
data/astrometry.net-0.80+dfsg/qfits-an/qfits_md5.c:177:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(datamd5,
data/astrometry.net-0.80+dfsg/qfits-an/qfits_memory.c:128:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char qfits_memory_tmpdirname[TMPDIRNAMESZ] = ".";
data/astrometry.net-0.80+dfsg/qfits-an/qfits_memory.c:175:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char * qfits_memory_p_filename[QFITS_MEMORY_MAXPTRS];
data/astrometry.net-0.80+dfsg/qfits-an/qfits_memory.c:180:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char qfits_memory_p_memtype[QFITS_MEMORY_MAXPTRS];
data/astrometry.net-0.80+dfsg/qfits-an/qfits_memory.c:188:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char qfits_memory_p_mm_filename[QFITS_MEMORY_MAXPTRS][MAPFILENAMESZ];
data/astrometry.net-0.80+dfsg/qfits-an/qfits_memory.c:255:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wbuf[MEMPAGESZ];
data/astrometry.net-0.80+dfsg/qfits-an/qfits_memory.c:317:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
swapfd = open(fname, O_RDWR | O_CREAT);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_memory.c:505:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd=open(name, O_RDONLY))==-1) {
data/astrometry.net-0.80+dfsg/qfits-an/qfits_memory.c:596:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd=open(name, O_RDONLY))==-1) {
data/astrometry.net-0.80+dfsg/qfits-an/qfits_memory.c:702:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd=open(name, O_RDONLY))==-1) {
data/astrometry.net-0.80+dfsg/qfits-an/qfits_memory.c:1103:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr2, ptr, small_sz);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_memory.c:1567:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char qfits_mem_tmpfilename[TMPFILENAMESZ];
data/astrometry.net-0.80+dfsg/qfits-an/qfits_rw.c:86:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char getval_buf[FITS_LINESZ+1];
data/astrometry.net-0.80+dfsg/qfits-an/qfits_rw.c:87:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char getkey_buf[FITS_LINESZ+1];
data/astrometry.net-0.80+dfsg/qfits-an/qfits_rw.c:88:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char getcom_buf[FITS_LINESZ+1];
data/astrometry.net-0.80+dfsg/qfits-an/qfits_rw.c:90:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[81];
data/astrometry.net-0.80+dfsg/qfits-an/qfits_rw.c:194:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((out=fopen(filename, "a"))==NULL)
data/astrometry.net-0.80+dfsg/qfits-an/qfits_rw.c:220:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(filename, "r"))==NULL) {
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:98:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, t, sizeof(qfits_table));
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:100:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->col, t->col, dest->nc * sizeof(qfits_col));
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:109:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[FITS_LINESZ + 1];
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:156:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str_val[FITS_LINESZ];
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:157:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str_val2[FITS_LINESZ];
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:183:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_val, "%d", tab_width);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:185:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_val, "%d", (int)(t->nr));
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:189:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_val, "%d", (int)(t->nc));
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:194:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_val, "TFORM%d", i+1);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:198:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_val, "TTYPE%d", i+1);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:203:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_val, "TUNIT%d", i+1);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:210:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_val, "TZERO%d", i+1);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:211:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_val2, "%f", curr_col->zero);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:216:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_val, "TSCAL%d", i+1);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:217:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_val2, "%f", curr_col->scale);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:239:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_val, "%d", tab_width);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:241:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_val, "%d", (int)(t->nr));
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:245:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_val, "%d", (int)(t->nc));
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:256:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_val, "TTYPE%d", i+1);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:260:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_val, "TFORM%d", i+1);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:264:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_val, "TBCOL%d", i+1);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:265:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_val2, "%d", col_pos);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:270:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_val, "TUNIT%d", i+1);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:275:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_val, "TZERO%d", i+1);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:276:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_val2, "%f", curr_col->zero);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:281:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_val, "TSCAL%d", i+1);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:282:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_val2, "%f", curr_col->scale);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:423:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str_val[FITS_LINESZ+1];
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:424:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char keyword[FITSVALSZ];
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:431:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[FITSVALSZ];
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:432:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char unit[FITSVALSZ];
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:433:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char disp[FITSVALSZ];
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:434:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nullval[FITSVALSZ];
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:490:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(keyword, "TTYPE%d", i+1);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:494:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(keyword, "TUNIT%d", i+1);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:498:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(keyword, "TDISP%d", i+1);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:502:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(keyword, "TNULL%d", i+1);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:506:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(keyword, "TFORM%d", i+1);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:566:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(keyword, "TZERO%d", i+1);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:575:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(keyword, "TSCAL%d", i+1);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:592:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(keyword, "TBCOL%d", i+1);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:600:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(keyword, "TBCOL%d", i+2);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:732:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(r, inbuf, field_size);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:742:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(r, inbuf, field_size);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:838:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(r, inbuf, field_size);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:961:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(r, inbuf + (indices[i]*table_width), field_size);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:963:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(r, inbuf, field_size);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:1101:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(field, &in_array[i*col->atom_nb], col->atom_nb);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:1108:45: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
((int*)out_array)[i] = (int)atoi(field);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:1122:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(field, &in_array[i*col->atom_nb], col->atom_nb);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:1144:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(field, &in_array[i*col->atom_nb], col->atom_nb);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:1194:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
(atoi(col->nullval) == (int)((unsigned char*)out_array)[i])) {
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:1204:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
(atoi(col->nullval)==(int)((short*)out_array)[i])) {
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:1214:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
(atoi(col->nullval)==((int*)out_array)[i])) {
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:1310:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(field, &in_array[i*col->atom_nb], col->atom_nb);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:1317:45: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
((int*)out_array)[i] = (int)atoi(field);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:1332:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(field, &in_array[i*col->atom_nb], col->atom_nb);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:1355:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(field, &in_array[i*col->atom_nb], col->atom_nb);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:1410:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
(atoi(col->nullval)== (int)((unsigned char*)out_array)[i])) {
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:1421:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
(atoi(col->nullval)==(int)((short*)out_array)[i])) {
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:1432:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
(atoi(col->nullval)==((int*)out_array)[i])) {
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:1519:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(field, &in_array[i*col->atom_nb], col->atom_nb);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:1581:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
(atoi(col->nullval)==(int)((unsigned char*)tmp_array)[i])) {
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:1595:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
(atoi(col->nullval)==(int)((short*)tmp_array)[i])) {
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:1623:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
(atoi(col->nullval)==((int*)tmp_array)[i])) {
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:1806:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctmp[512];
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:1849:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(stmp, "%f", (float)(col->zero +
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:1852:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(stmp, "%d", icol[0]);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:1861:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(stmp, "%f", (float)(col->zero +
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:1864:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(stmp, "%f", fcol[0]);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:1872:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(stmp, "%f", (float)(col->zero +
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:1875:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(stmp, "%g", dcol[0]);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:1915:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctmp[512];
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:1964:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ctmp, "%f, ", (float)(col->zero +
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:1969:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ctmp, "%f", (float)(col->zero +
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:1975:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ctmp, "%d, ", (int)uccol[i]);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:1979:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ctmp,"%d",(int)uccol[col->atom_nb-1]);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:1991:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ctmp, "%g, ", (double)((double)col->zero +
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:1996:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ctmp, "%g", (double)((double)col->zero +
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:2002:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ctmp, "%g, ", dcol[i]);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:2006:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ctmp, "%g", dcol[col->atom_nb-1]);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:2018:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ctmp, "%f, ", (float)(col->zero +
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:2023:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ctmp, "%f", (float)(col->zero +
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:2029:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ctmp, "%f, ", fcol[i]);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:2033:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ctmp, "%f", fcol[col->atom_nb-1]);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:2044:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ctmp, "%f, ", (float)(col->zero +
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:2049:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ctmp, "%f", (float)(col->zero +
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:2055:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ctmp, "%d, ", (int)scol[i]);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:2059:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ctmp, "%d",(int)scol[col->atom_nb-1]);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:2070:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ctmp, "%f, ", (float)(col->zero +
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:2075:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ctmp, "%f", (float)(col->zero +
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:2081:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ctmp, "%d, ", (int)icol[i]);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:2085:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ctmp, "%d",(int)icol[col->atom_nb-1]);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:2096:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ctmp, "%f, ", (float)(col->zero +
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:2101:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ctmp, "%f", (float)(col->zero +
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:2107:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ctmp, "%lld, ", (long long int)kcol[i]);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:2111:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ctmp, "%lld", (long long int)kcol[col->atom_nb-1]);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:2120:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ctmp, "%c, ", ccol[i]);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:2124:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ctmp, "%c", ccol[col->atom_nb-1]);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:2132:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ctmp, "%d, ", uccol[i]);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:2136:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ctmp, "%d", uccol[col->atom_nb-1]);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:2144:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ctmp, "%d, ", (int)icol[i]);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:2148:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ctmp, "%d",(int)icol[col->atom_nb-1]);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:2176:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char l[1024+1];
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:2300:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sval[10];
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:2305:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
nb=sprintf(sval, "A%d.%d", col->atom_nb, col->atom_dec_nb); break;
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:2307:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
nb=sprintf(sval, "D%d.%d", col->atom_nb, col->atom_dec_nb); break;
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:2309:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
nb=sprintf(sval, "E%d.%d", col->atom_nb, col->atom_dec_nb); break;
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:2311:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
nb=sprintf(sval, "I%d.%d", col->atom_nb, col->atom_dec_nb); break;
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:2313:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
nb=sprintf(sval, "F%d.%d", col->atom_nb, col->atom_dec_nb); break;
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:2314:31: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case TFITS_BIN_TYPE_D: nb=sprintf(sval, "%dD", col->atom_nb); break;
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:2315:31: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case TFITS_BIN_TYPE_E: nb=sprintf(sval, "%dE", col->atom_nb); break;
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:2316:31: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case TFITS_BIN_TYPE_I: nb=sprintf(sval, "%dI", col->atom_nb); break;
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:2317:31: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case TFITS_BIN_TYPE_A: nb=sprintf(sval, "%dA", col->atom_nb); break;
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:2318:31: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case TFITS_BIN_TYPE_B: nb=sprintf(sval, "%dB", col->atom_nb); break;
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:2319:31: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case TFITS_BIN_TYPE_C: nb=sprintf(sval, "%dC",
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:2321:31: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case TFITS_BIN_TYPE_J: nb=sprintf(sval, "%dJ", col->atom_nb); break;
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:2322:31: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case TFITS_BIN_TYPE_K: nb=sprintf(sval, "%dK", col->atom_nb); break;
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:2323:31: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case TFITS_BIN_TYPE_L: nb=sprintf(sval, "%dL", col->atom_nb); break;
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:2324:31: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case TFITS_BIN_TYPE_M: nb=sprintf(sval, "%dM",
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:2326:31: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case TFITS_BIN_TYPE_P: nb=sprintf(sval, "%dP",
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:2328:31: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case TFITS_BIN_TYPE_X: nb=sprintf(sval, "%dX",
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:2438:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char field[1024];
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:2458:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
r = (unsigned char *)array[i];
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:2459:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
inbuf = (unsigned char *)(data[i]);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:2473:21: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(field, "%g", ((double*)data[i])[j]);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:2479:21: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(field, "%f", ((float*)data[i])[j]);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:2484:21: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(field, "%d", ((int*)data[i])[j]);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:2490:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(r, field, curr_col->atom_nb);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:2496:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(r, inbuf, field_size);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:2523:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(line, r, field_size);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_time.c:117:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char date_iso8601[20];
data/astrometry.net-0.80+dfsg/qfits-an/qfits_time.c:124:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(date_iso8601, "%04d-%02d-%02dT%02d:%02d:%02d",
data/astrometry.net-0.80+dfsg/qfits-an/test/test_pixio.c:67:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char md5sigs[FITS_NBITPIX][33] =
data/astrometry.net-0.80+dfsg/qfits-an/test/test_pixio.c:108:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s_out[8];
data/astrometry.net-0.80+dfsg/qfits-an/test/test_pixio.c:112:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s_out, "%d", TEST_LX);
data/astrometry.net-0.80+dfsg/qfits-an/test/test_pixio.c:114:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s_out, "%d", TEST_LY);
data/astrometry.net-0.80+dfsg/qfits-an/test/test_pixio.c:116:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s_out, "%d", qd->out_ptype);
data/astrometry.net-0.80+dfsg/qfits-an/test/test_pixio.c:119:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out = fopen(qd->filename, "w");
data/astrometry.net-0.80+dfsg/qfits-an/test/test_pixio.c:160:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[1024] ;
data/astrometry.net-0.80+dfsg/qfits-an/test/test_pixio.c:356:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[1024];
data/astrometry.net-0.80+dfsg/qfits-an/test/test_pixio.c:541:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[1024];
data/astrometry.net-0.80+dfsg/qfits-an/test/test_qfits.c:230:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out = fopen(filename, "w");
data/astrometry.net-0.80+dfsg/qfits-an/test/test_qfits.c:407:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[80], val[80], com[80] ;
data/astrometry.net-0.80+dfsg/qfits-an/test/test_qfits.c:499:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out = fopen(filename, "w");
data/astrometry.net-0.80+dfsg/qfits-an/test/test_qfits.c:523:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out = fopen(filename, "a");
data/astrometry.net-0.80+dfsg/qfits-an/test/test_qfits.c:563:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out = fopen(filename, "a");
data/astrometry.net-0.80+dfsg/qfits-an/test/test_qfits.c:603:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out = fopen(filename, "a");
data/astrometry.net-0.80+dfsg/qfits-an/test/test_tfits.c:312:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[512] ;
data/astrometry.net-0.80+dfsg/sdss/cutils_wrap.c:633:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char hex[17] = "0123456789abcdef";
data/astrometry.net-0.80+dfsg/sdss/cutils_wrap.c:795:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newstr, cstr, len+1);
data/astrometry.net-0.80+dfsg/sdss/cutils_wrap.c:1778:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[SWIG_BUFFER_SIZE];
data/astrometry.net-0.80+dfsg/sdss/cutils_wrap.c:1789:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[SWIG_BUFFER_SIZE];
data/astrometry.net-0.80+dfsg/sdss/cutils_wrap.c:1919:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pack, ptr, size);
data/astrometry.net-0.80+dfsg/sdss/cutils_wrap.c:1937:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, sobj->pack, size);
data/astrometry.net-0.80+dfsg/sdss/cutils_wrap.c:2481:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mesg[256];
data/astrometry.net-0.80+dfsg/sdss/cutils_wrap.c:3683:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(gv->name, name, size);
data/astrometry.net-0.80+dfsg/sdss/cutils_wrap.c:3764:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buff, methods[i].ml_doc, ldoc);
data/astrometry.net-0.80+dfsg/sdss/cutils_wrap.c:3766:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buff, "swig_ptr: ", 10);
data/astrometry.net-0.80+dfsg/util/an-fitstopnm.c:174:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ext = atoi(optarg);
data/astrometry.net-0.80+dfsg/util/an-fitstopnm.c:177:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
plane = atoi(optarg);
data/astrometry.net-0.80+dfsg/util/an-fitstopnm.c:180:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
margin = atoi(optarg);
data/astrometry.net-0.80+dfsg/util/an-fitstopnm.c:204:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fout = fopen(outfn, "wb");
data/astrometry.net-0.80+dfsg/util/an-pnmtofits.c:194:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fid = fopen(infn, "rb");
data/astrometry.net-0.80+dfsg/util/an-pnmtofits.c:201:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fout = fopen(outfn, "wb");
data/astrometry.net-0.80+dfsg/util/anwcs.c:382:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[81];
data/astrometry.net-0.80+dfsg/util/anwcs.c:383:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char spaces[81];
data/astrometry.net-0.80+dfsg/util/anwcs.c:384:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char val[32];
data/astrometry.net-0.80+dfsg/util/anwcs.c:415:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(val, "%i", anwcslib->imagew);
data/astrometry.net-0.80+dfsg/util/anwcs.c:418:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(val, "%i", anwcslib->imageh);
data/astrometry.net-0.80+dfsg/util/anwcs.c:453:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fid = fopen(filename, "wb");
data/astrometry.net-0.80+dfsg/util/anwcs.c:830:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(anwcs->data, sip, sizeof(sip_t));
data/astrometry.net-0.80+dfsg/util/anwcs.c:1570:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char code[64];
data/astrometry.net-0.80+dfsg/util/anwcs.c:1629:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char code[64];
data/astrometry.net-0.80+dfsg/util/bl.c:116:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(NODE_CHARDATA(newnode),
data/astrometry.net-0.80+dfsg/util/bl.c:439:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, data, list->datasize);
data/astrometry.net-0.80+dfsg/util/bl.c:475:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, src, list->datasize);
data/astrometry.net-0.80+dfsg/util/bl.c:582:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dataloc, data, list->datasize);
data/astrometry.net-0.80+dfsg/util/bl.c:637:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(NODE_CHARDATA(destnode), data, list->datasize);
data/astrometry.net-0.80+dfsg/util/bl.c:640:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(NODE_CHARDATA(destnode), NODE_CHARDATA(node) + (node->N-1)*list->datasize, list->datasize);
data/astrometry.net-0.80+dfsg/util/bl.c:647:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(NODE_CHARDATA(node) + localindex * list->datasize, data, list->datasize);
data/astrometry.net-0.80+dfsg/util/bl.c:662:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(NODE_CHARDATA(node) + localindex * list->datasize,
data/astrometry.net-0.80+dfsg/util/bl.c:698:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, src, take * list->datasize);
data/astrometry.net-0.80+dfsg/util/bl.c:1179:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rtn + offset, join, JL);
data/astrometry.net-0.80+dfsg/util/bl.c:1182:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rtn + offset, str, L);
data/astrometry.net-0.80+dfsg/util/bt.c:238:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(overflow, get_element(tree, leaf, leaf->N-1), tree->datasize);
data/astrometry.net-0.80+dfsg/util/bt.c:241:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(overflow, data, tree->datasize);
data/astrometry.net-0.80+dfsg/util/bt.c:252:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(get_element(tree, leaf, index), data, tree->datasize);
data/astrometry.net-0.80+dfsg/util/bt.c:360:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char da[AVL_MAX_HEIGHT]; /* Cached comparison results. */
data/astrometry.net-0.80+dfsg/util/bt.c:362:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char overflow[tree->datasize];
data/astrometry.net-0.80+dfsg/util/cairoutils.c:308:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fid = fopen(fn, "rb");
data/astrometry.net-0.80+dfsg/util/cairoutils.c:321:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fid = fopen(fn, "rb");
data/astrometry.net-0.80+dfsg/util/cairoutils.c:523:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fout = fopen(outfn, "wb");
data/astrometry.net-0.80+dfsg/util/cairoutils.c:727:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fin = fopen(infn, "rb");
data/astrometry.net-0.80+dfsg/util/cfitsutils.h:17:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errmsg[FLEN_ERRMSG];
data/astrometry.net-0.80+dfsg/util/coadd-main.c:82:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
plane = atoi(optarg);
data/astrometry.net-0.80+dfsg/util/coadd-main.c:94:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
outwcsext = atoi(optarg);
data/astrometry.net-0.80+dfsg/util/coadd-main.c:103:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
order = atoi(optarg);
data/astrometry.net-0.80+dfsg/util/coadd-main.c:119:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
il_append(inimgexts, atoi(args[6*i+1]));
data/astrometry.net-0.80+dfsg/util/coadd-main.c:121:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
il_append(inwtexts, atoi(args[6*i+3]));
data/astrometry.net-0.80+dfsg/util/coadd-main.c:123:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
il_append(inwcsexts, atoi(args[6*i+5]));
data/astrometry.net-0.80+dfsg/util/cutest.c:110:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[2];
data/astrometry.net-0.80+dfsg/util/cutest.c:119:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[HUGE_STRING_LEN];
data/astrometry.net-0.80+dfsg/util/cutest.c:135:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str->buffer + pos, text, length);
data/astrometry.net-0.80+dfsg/util/cutest.c:186:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[HUGE_STRING_LEN];
data/astrometry.net-0.80+dfsg/util/cutest.c:249:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[STRING_MAX];
data/astrometry.net-0.80+dfsg/util/cutest.c:251:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "expected <%d> but was <%d>", expected, actual);
data/astrometry.net-0.80+dfsg/util/cutest.c:258:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[STRING_MAX];
data/astrometry.net-0.80+dfsg/util/cutest.c:260:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "expected <%lf> but was <%lf>", expected, actual);
data/astrometry.net-0.80+dfsg/util/cutest.c:267:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[STRING_MAX];
data/astrometry.net-0.80+dfsg/util/cutest.c:269:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "expected pointer <0x%p> but was <0x%p>", expected, actual);
data/astrometry.net-0.80+dfsg/util/downsample-fits.c:65:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
scale = atoi(optarg);
data/astrometry.net-0.80+dfsg/util/downsample-fits.c:68:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ext = atoi(optarg);
data/astrometry.net-0.80+dfsg/util/downsample-fits.c:96:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fout = fopen(outfn, "wb");
data/astrometry.net-0.80+dfsg/util/downsample-fits.c:189:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[nbytes];
data/astrometry.net-0.80+dfsg/util/downsample-fits.c:210:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pad[2880];
data/astrometry.net-0.80+dfsg/util/dselip.c:22:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sorted_data, arr, sizeof(float)*n);
data/astrometry.net-0.80+dfsg/util/dselip.c:44:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(past_data, arr, sizeof(float) * n);
data/astrometry.net-0.80+dfsg/util/errors.c:224:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[256];
data/astrometry.net-0.80+dfsg/util/fit-wcs-main.c:83:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
W = atoi(optarg);
data/astrometry.net-0.80+dfsg/util/fit-wcs-main.c:86:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
H = atoi(optarg);
data/astrometry.net-0.80+dfsg/util/fit-wcs-main.c:100:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
siporder = atoi(optarg);
data/astrometry.net-0.80+dfsg/util/fit-wcs.c:105:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tanin2, tanin1, sizeof(tan_t));
data/astrometry.net-0.80+dfsg/util/fit-wcs.c:108:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(sipout->wcstan), tanin, sizeof(tan_t));
data/astrometry.net-0.80+dfsg/util/fit-wcs.c:455:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tanin2, tanin1, sizeof(tan_t));
data/astrometry.net-0.80+dfsg/util/fit-wcs.c:458:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(sipout->wcstan), tanin, sizeof(tan_t));
data/astrometry.net-0.80+dfsg/util/fit-wcs.c:709:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tanout, tanin, sizeof(tan_t));
data/astrometry.net-0.80+dfsg/util/fits-column-merge.c:123:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
afid = fopen(afn, "rb");
data/astrometry.net-0.80+dfsg/util/fits-column-merge.c:128:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bfid = fopen(bfn, "rb");
data/astrometry.net-0.80+dfsg/util/fits-column-merge.c:149:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(outtable->col, atable->col, atable->nc * sizeof(qfits_col));
data/astrometry.net-0.80+dfsg/util/fits-column-merge.c:150:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(outtable->col + atable->nc, btable->col, btable->nc * sizeof(qfits_col));
data/astrometry.net-0.80+dfsg/util/fits-column-merge.c:164:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
outfid = fopen(outfn, "wb");
data/astrometry.net-0.80+dfsg/util/fits-flip-endian.c:49:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
il_append(exts, atoi(optarg));
data/astrometry.net-0.80+dfsg/util/fits-flip-endian.c:52:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
il_append(sizes, atoi(optarg));
data/astrometry.net-0.80+dfsg/util/fits-flip-endian.c:76:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fin = fopen(infn, "rb");
data/astrometry.net-0.80+dfsg/util/fits-flip-endian.c:115:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fout = fopen(outfn, "wb");
data/astrometry.net-0.80+dfsg/util/fits-flip-endian.c:150:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[size];
data/astrometry.net-0.80+dfsg/util/fitsbin.c:266:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempdata[chunk->itemsize];
data/astrometry.net-0.80+dfsg/util/fitsbin.c:271:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tempdata, chunk->data + i*chunk->itemsize, chunk->itemsize);
data/astrometry.net-0.80+dfsg/util/fitsbin.c:493:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(((char*)chunk->data) + (size_t)i * (size_t)chunk->itemsize,
data/astrometry.net-0.80+dfsg/util/fitsbin.c:554:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fb->fid = fopen(fits->filename, "rb");
data/astrometry.net-0.80+dfsg/util/fitsbin.c:614:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fb->fid = fopen(fb->filename, "wb");
data/astrometry.net-0.80+dfsg/util/fitsgetext.c:80:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
il_append(exts, atoi(optarg));
data/astrometry.net-0.80+dfsg/util/fitsgetext.c:161:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fin = fopen(infn, "rb");
data/astrometry.net-0.80+dfsg/util/fitsgetext.c:176:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fout = fopen(outfn, "wb");
data/astrometry.net-0.80+dfsg/util/fitsgetext.c:189:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[256];
data/astrometry.net-0.80+dfsg/util/fitsgetext.c:191:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fout = fopen(fn, "wb");
data/astrometry.net-0.80+dfsg/util/fitsioutils.c:52:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fid = fopen(fn, "wb");
data/astrometry.net-0.80+dfsg/util/fitsioutils.c:76:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, tbl, sizeof(qfits_table));
data/astrometry.net-0.80+dfsg/util/fitsioutils.c:78:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out->col, tbl->col, tbl->nc * sizeof(qfits_col));
data/astrometry.net-0.80+dfsg/util/fitsioutils.c:127:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_out = fopen(qd->filename, "a");
data/astrometry.net-0.80+dfsg/util/fitsioutils.c:138:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8];
data/astrometry.net-0.80+dfsg/util/fitsioutils.c:216:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fid = fopen(fn, "w");
data/astrometry.net-0.80+dfsg/util/fitsioutils.c:244:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fid = fopen(fn, "a");
data/astrometry.net-0.80+dfsg/util/fitsioutils.c:341:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[FITS_LINESZ+1];
data/astrometry.net-0.80+dfsg/util/fitsioutils.c:342:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char val[FITS_LINESZ+1];
data/astrometry.net-0.80+dfsg/util/fitsioutils.c:343:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char com[FITS_LINESZ+1];
data/astrometry.net-0.80+dfsg/util/fitsioutils.c:344:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lin[FITS_LINESZ+1];
data/astrometry.net-0.80+dfsg/util/fitsioutils.c:357:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pretty[FITS_LINESZ+1];
data/astrometry.net-0.80+dfsg/util/fitsioutils.c:368:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[FITS_LINESZ + 1];
data/astrometry.net-0.80+dfsg/util/fitsioutils.c:413:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[FITS_LINESZ + 1];
data/astrometry.net-0.80+dfsg/util/fitsioutils.c:566:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[FITS_LINESZ+1];
data/astrometry.net-0.80+dfsg/util/fitsioutils.c:570:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[FITS_LINESZ+1];
data/astrometry.net-0.80+dfsg/util/fitsioutils.c:571:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char val[FITS_LINESZ+1];
data/astrometry.net-0.80+dfsg/util/fitsioutils.c:633:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[FITS_LINESZ + 1];
data/astrometry.net-0.80+dfsg/util/fitsioutils.c:697:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char copy[80];
data/astrometry.net-0.80+dfsg/util/fitsioutils.c:796:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[FITS_LINESZ+1];
data/astrometry.net-0.80+dfsg/util/fitsioutils.c:797:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char val[FITS_LINESZ+1];
data/astrometry.net-0.80+dfsg/util/fitsioutils.c:798:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char com[FITS_LINESZ+1];
data/astrometry.net-0.80+dfsg/util/fitsioutils.c:799:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lin[FITS_LINESZ+1];
data/astrometry.net-0.80+dfsg/util/fitsioutils.c:848:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fid = fopen(filename, "ab");
data/astrometry.net-0.80+dfsg/util/fitsioutils.c:1041:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char fits_endian_string[16];
data/astrometry.net-0.80+dfsg/util/fitsioutils.c:1049:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fits_endian_string, "%02x:%02x:%02x:%02x", (uint)cptr[0], (uint)cptr[1], (uint)cptr[2], (uint)cptr[3]);
data/astrometry.net-0.80+dfsg/util/fitsioutils.c:1201:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pretty[FITS_LINESZ+1];
data/astrometry.net-0.80+dfsg/util/fitstable.c:209:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cdest, bl_access(table->rows, row0 + i), R);
data/astrometry.net-0.80+dfsg/util/fitstable.c:213:26: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
table->readfid = fopen(table->fn, "rb");
data/astrometry.net-0.80+dfsg/util/fitstable.c:652:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(((char*)dest) + j * stride,
data/astrometry.net-0.80+dfsg/util/fitstable.c:732:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(thisrow + rowoff, columndata, nb);
data/astrometry.net-0.80+dfsg/util/fitstable.c:829:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(((char*)bl_access(table->rows, rowoffset + i)) + off,
data/astrometry.net-0.80+dfsg/util/fitstable.c:953:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fitsdata + i * fitsstride,
data/astrometry.net-0.80+dfsg/util/fitstable.c:958:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fitsdata + i * fitsstride,
data/astrometry.net-0.80+dfsg/util/fitstable.c:1206:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tab->fid = fopen(fn, mode);
data/astrometry.net-0.80+dfsg/util/get-healpix.c:61:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
healpix = atoi(optarg);
data/astrometry.net-0.80+dfsg/util/get-healpix.c:73:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Nside = atoi(optarg);
data/astrometry.net-0.80+dfsg/util/healpix.c:1329:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(closestxyz, xyz, 3*sizeof(double));
data/astrometry.net-0.80+dfsg/util/healpix.c:1396:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(closestxyz, midxyz, 3*sizeof(double));
data/astrometry.net-0.80+dfsg/util/hpsplit.c:139:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nside = atoi(optarg);
data/astrometry.net-0.80+dfsg/util/hpsplit.c:234:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(maxcaps[i].xyz, cxyz, 3 * sizeof(double));
data/astrometry.net-0.80+dfsg/util/hpsplit.c:523:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(padrowdata, rowdata, R);
data/astrometry.net-0.80+dfsg/util/hpsplit.c:524:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(padrowdata + R, &brfile, sizeof(int16_t));
data/astrometry.net-0.80+dfsg/util/hpsplit.c:525:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(padrowdata + R + sizeof(int16_t), &brind, sizeof(int32_t));
data/astrometry.net-0.80+dfsg/util/hpsplit.c:535:42: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
outtables[hp]->fid = fopen(outfn, "r+b");
data/astrometry.net-0.80+dfsg/util/ioutils.c:37:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fin = fopen(infn, "rb");
data/astrometry.net-0.80+dfsg/util/ioutils.c:38:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fout = fopen(outfn, "wb");
data/astrometry.net-0.80+dfsg/util/ioutils.c:123:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*first, str, n);
data/astrometry.net-0.80+dfsg/util/ioutils.c:130:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*second, sec, n);
data/astrometry.net-0.80+dfsg/util/ioutils.c:137:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fid = fopen(fn, "wb");
data/astrometry.net-0.80+dfsg/util/ioutils.c:157:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/astrometry.net-0.80+dfsg/util/ioutils.c:176:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fid = fopen(filename, "ab");
data/astrometry.net-0.80+dfsg/util/ioutils.c:247:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/astrometry.net-0.80+dfsg/util/ioutils.c:440:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outbuf[1024];
data/astrometry.net-0.80+dfsg/util/ioutils.c:441:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[1024];
data/astrometry.net-0.80+dfsg/util/ioutils.c:655:11: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
fid = mkstemp(tempfile);
data/astrometry.net-0.80+dfsg/util/ioutils.c:691:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fid = fopen(fn, "r");
data/astrometry.net-0.80+dfsg/util/ioutils.c:730:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fid = fopen(fn, "rb");
data/astrometry.net-0.80+dfsg/util/ioutils.c:770:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fid = fopen(fn, "rb");
data/astrometry.net-0.80+dfsg/util/ioutils.c:1094:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "%.*s", length, s);
data/astrometry.net-0.80+dfsg/util/jpl.c:21:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char adstr[5];
data/astrometry.net-0.80+dfsg/util/jpl.c:22:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char datestr[12];
data/astrometry.net-0.80+dfsg/util/jpl.c:23:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timestr[14];
data/astrometry.net-0.80+dfsg/util/jpl.c:24:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tzstr[5];
data/astrometry.net-0.80+dfsg/util/log.c:27:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(l, user, sizeof(log_t));
data/astrometry.net-0.80+dfsg/util/md5.c:192:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( (void *) (ctx->buffer + left),
data/astrometry.net-0.80+dfsg/util/md5.c:209:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( (void *) (ctx->buffer + left),
data/astrometry.net-0.80+dfsg/util/pad-file.c:39:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
padchar = atoi(optarg);
data/astrometry.net-0.80+dfsg/util/pad-file.c:60:16: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
padtolen = atol(args[0]);
data/astrometry.net-0.80+dfsg/util/permutedsort.c:42:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(coutput + i * elemsize, cinput + perm[i] * elemsize, elemsize);
data/astrometry.net-0.80+dfsg/util/permutedsort.c:45:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(outarray, temparr, elemsize * Nperm);
data/astrometry.net-0.80+dfsg/util/resample-main.c:167:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
fitsext = atoi(optarg);
data/astrometry.net-0.80+dfsg/util/resample-main.c:173:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
order = atoi(optarg);
data/astrometry.net-0.80+dfsg/util/scamp.c:65:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fid = fopen(outfn, "w");
data/astrometry.net-0.80+dfsg/util/search-index.c:173:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rowbuf + tagsize, radecs+2*j+0, sizeof(double));
data/astrometry.net-0.80+dfsg/util/search-index.c:174:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rowbuf + tagsize + sizeof(double), radecs+2*j+1, sizeof(double));
data/astrometry.net-0.80+dfsg/util/sip.c:31:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(sip->wcstan), tan, sizeof(tan_t));
data/astrometry.net-0.80+dfsg/util/sip.c:63:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, src, sizeof(sip_t));
data/astrometry.net-0.80+dfsg/util/sip_qfits.c:49:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, &sip, sizeof(sip_t));
data/astrometry.net-0.80+dfsg/util/sip_qfits.c:82:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fid = fopen(fn, "wb");
data/astrometry.net-0.80+dfsg/util/sip_qfits.c:115:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fid = fopen(fn, "wb");
data/astrometry.net-0.80+dfsg/util/sip_qfits.c:199:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[64];
data/astrometry.net-0.80+dfsg/util/sip_qfits.c:310:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[64];
data/astrometry.net-0.80+dfsg/util/sip_qfits.c:343:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pretty[FITS_LINESZ];
data/astrometry.net-0.80+dfsg/util/sip_qfits.c:425:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, &sip, sizeof(sip_t));
data/astrometry.net-0.80+dfsg/util/sip_qfits.c:554:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, &tan, sizeof(tan_t));
data/astrometry.net-0.80+dfsg/util/starutil.c:115:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*term1 = atoi(s);
data/astrometry.net-0.80+dfsg/util/starutil.c:121:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*term2 = atoi(s);
data/astrometry.net-0.80+dfsg/util/starutil.c:347:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "%02i:%02i:%02i.%03i", h, m, ss, ds);
data/astrometry.net-0.80+dfsg/util/starutil.c:369:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "%c%02i:%02i:%02i.%03i", (sign==1 ? '+':'-'), d, m, ss, ds);
data/astrometry.net-0.80+dfsg/util/starxy.c:145:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(res, xy->x, sizeof(double) * starxy_n(xy));
data/astrometry.net-0.80+dfsg/util/starxy.c:151:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(res, xy->y, sizeof(double) * starxy_n(xy));
data/astrometry.net-0.80+dfsg/util/starxy.c:181:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->x, x, s->N * sizeof(double));
data/astrometry.net-0.80+dfsg/util/starxy.c:184:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->y, y, s->N * sizeof(double));
data/astrometry.net-0.80+dfsg/util/starxy.c:187:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->flux, f, s->N * sizeof(double));
data/astrometry.net-0.80+dfsg/util/starxy.c:191:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->background, f, s->N * sizeof(double));
data/astrometry.net-0.80+dfsg/util/subtable.c:72:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fin = fopen(infn, "rb");
data/astrometry.net-0.80+dfsg/util/subtable.c:78:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fout = fopen(outfn, "wb");
data/astrometry.net-0.80+dfsg/util/tabsort.c:31:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fin = fopen(infn, "rb");
data/astrometry.net-0.80+dfsg/util/tabsort.c:37:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fout = fopen(outfn, "wb");
data/astrometry.net-0.80+dfsg/util/test_anwcs.c:210:20: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
if (write_file(tmpfile, wcsliteral, strlen(wcsliteral))) {
data/astrometry.net-0.80+dfsg/util/test_anwcs.c:211:54: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
ERROR("Failed to write WCS to temp file %s", tmpfile);
data/astrometry.net-0.80+dfsg/util/test_anwcs.c:215:32: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
tan = tan_read_header_file(tmpfile, NULL);
data/astrometry.net-0.80+dfsg/util/test_anwcs.c:220:39: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
anwcs = anwcs_open_wcslib(tmpfile, 0);
data/astrometry.net-0.80+dfsg/util/test_anwcs.c:222:36: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
anwcs = anwcs_open_sip(tmpfile, 0);
data/astrometry.net-0.80+dfsg/util/test_ctmf.c:26:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char results[sizeof(test_data)];
data/astrometry.net-0.80+dfsg/util/test_dsmooth.c:61:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(img_orig, img, bites);
data/astrometry.net-0.80+dfsg/util/test_dsmooth.c:107:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(smooth1, img, bites);
data/astrometry.net-0.80+dfsg/util/test_endian.c:15:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char test64[8] = { 1, 2, 3, 4, 5, 6, 7, 8 };
data/astrometry.net-0.80+dfsg/util/test_endian.c:21:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char test32[4] = { 1, 2, 3, 4 };
data/astrometry.net-0.80+dfsg/util/test_endian.c:27:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char test16[2] = { 1, 2 };
data/astrometry.net-0.80+dfsg/util/test_fit_wcs.c:52:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(wcs2.wcstan), &(wcs.wcstan), sizeof(tan_t));
data/astrometry.net-0.80+dfsg/util/test_fitsbin.c:13:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char fn[256];
data/astrometry.net-0.80+dfsg/util/test_fitsbin.c:14:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fn, "/tmp/test-fitsbin-%i", i);
data/astrometry.net-0.80+dfsg/util/test_fitsioutils.c:20:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/astrometry.net-0.80+dfsg/util/test_fitstable.c:16:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char fn[256];
data/astrometry.net-0.80+dfsg/util/test_fitstable.c:17:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fn, "/tmp/test-fitstable-%i", i);
data/astrometry.net-0.80+dfsg/util/test_ioutils.c:24:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt[10240];
data/astrometry.net-0.80+dfsg/util/test_ioutils.c:189:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fid = fopen(tmpfn, "wb");
data/astrometry.net-0.80+dfsg/util/test_log.c:70:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f1 = fopen(fn1, "w");
data/astrometry.net-0.80+dfsg/util/test_log.c:71:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f2 = fopen(fn2, "w");
data/astrometry.net-0.80+dfsg/util/test_rdlist.c:12:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char fn[256];
data/astrometry.net-0.80+dfsg/util/test_rdlist.c:13:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fn, "/tmp/test-rdlist-%i", i);
data/astrometry.net-0.80+dfsg/util/test_starutil.c:13:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rastr[32], decstr[32];
data/astrometry.net-0.80+dfsg/util/test_wcs.c:34:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str, hdr, len);
data/astrometry.net-0.80+dfsg/util/test_wcs.c:36:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str + hlen - 80, "END", 3);
data/astrometry.net-0.80+dfsg/util/test_xylist.c:15:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char fn[256];
data/astrometry.net-0.80+dfsg/util/test_xylist.c:16:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fn, "/tmp/test-xylist-%i", i);
data/astrometry.net-0.80+dfsg/util/tpv.c:57:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(tpv->wcstan), tan, sizeof(tan_t));
data/astrometry.net-0.80+dfsg/util/tpv.c:89:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, src, sizeof(tpv_t));
data/astrometry.net-0.80+dfsg/util/util_wrap.c:633:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char hex[17] = "0123456789abcdef";
data/astrometry.net-0.80+dfsg/util/util_wrap.c:795:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newstr, cstr, len+1);
data/astrometry.net-0.80+dfsg/util/util_wrap.c:1778:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[SWIG_BUFFER_SIZE];
data/astrometry.net-0.80+dfsg/util/util_wrap.c:1789:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[SWIG_BUFFER_SIZE];
data/astrometry.net-0.80+dfsg/util/util_wrap.c:1919:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pack, ptr, size);
data/astrometry.net-0.80+dfsg/util/util_wrap.c:1937:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, sobj->pack, size);
data/astrometry.net-0.80+dfsg/util/util_wrap.c:2481:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mesg[256];
data/astrometry.net-0.80+dfsg/util/util_wrap.c:3191:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(x, PyArray_DATA((PyArrayObject*)np_arr), sizeof(float)*N);
data/astrometry.net-0.80+dfsg/util/util_wrap.c:3819:20: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
*cptr = (char *)memcpy(malloc((len + 1)*sizeof(char)), cstr, sizeof(char)*(len + 1));
data/astrometry.net-0.80+dfsg/util/util_wrap.c:3861:27: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
*cptr = (char *)memcpy(malloc((len + 1)*sizeof(char)), cstr, sizeof(char)*(len + 1));
data/astrometry.net-0.80+dfsg/util/util_wrap.c:4109:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(t, other, sizeof(tan_t));
data/astrometry.net-0.80+dfsg/util/util_wrap.c:4232:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(t, other, sizeof(sip_t));
data/astrometry.net-0.80+dfsg/util/util_wrap.c:4237:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(t->wcstan), other, sizeof(tan_t));
data/astrometry.net-0.80+dfsg/util/util_wrap.c:4247:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sub, self, sizeof(sip_t));
data/astrometry.net-0.80+dfsg/util/util_wrap.c:5265:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (csize) memcpy(val, cptr, csize*sizeof(char));
data/astrometry.net-0.80+dfsg/util/util_wrap.c:7777:37: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
arg1->indexfn = (char *)(char *)memcpy(malloc((size)*sizeof(char)), (const char *)(arg2), sizeof(char)*(size));
data/astrometry.net-0.80+dfsg/util/util_wrap.c:7838:39: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
arg1->indexname = (char *)(char *)memcpy(malloc((size)*sizeof(char)), (const char *)(arg2), sizeof(char)*(size));
data/astrometry.net-0.80+dfsg/util/util_wrap.c:8263:37: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
arg1->cutband = (char *)(char *)memcpy(malloc((size)*sizeof(char)), (const char *)(arg2), sizeof(char)*(size));
data/astrometry.net-0.80+dfsg/util/util_wrap.c:11954:48: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
resultobj = SWIG_NewPointerObj((tfits_type *)memcpy((tfits_type *)calloc(1,sizeof(tfits_type)),&result,sizeof(tfits_type)), SWIGTYPE_p_tfits_type, SWIG_POINTER_OWN | 0 );
data/astrometry.net-0.80+dfsg/util/util_wrap.c:13085:45: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
resultobj = SWIG_NewPointerObj((int64_t *)memcpy((int64_t *)calloc(1,sizeof(int64_t)),&result,sizeof(int64_t)), SWIGTYPE_p_int64_t, SWIG_POINTER_OWN | 0 );
data/astrometry.net-0.80+dfsg/util/util_wrap.c:13325:45: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
resultobj = SWIG_NewPointerObj((int64_t *)memcpy((int64_t *)calloc(1,sizeof(int64_t)),&result,sizeof(int64_t)), SWIGTYPE_p_int64_t, SWIG_POINTER_OWN | 0 );
data/astrometry.net-0.80+dfsg/util/util_wrap.c:13371:45: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
resultobj = SWIG_NewPointerObj((int64_t *)memcpy((int64_t *)calloc(1,sizeof(int64_t)),&result,sizeof(int64_t)), SWIGTYPE_p_int64_t, SWIG_POINTER_OWN | 0 );
data/astrometry.net-0.80+dfsg/util/util_wrap.c:13517:45: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
resultobj = SWIG_NewPointerObj((int64_t *)memcpy((int64_t *)calloc(1,sizeof(int64_t)),&result,sizeof(int64_t)), SWIGTYPE_p_int64_t, SWIG_POINTER_OWN | 0 );
data/astrometry.net-0.80+dfsg/util/util_wrap.c:13563:45: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
resultobj = SWIG_NewPointerObj((int64_t *)memcpy((int64_t *)calloc(1,sizeof(int64_t)),&result,sizeof(int64_t)), SWIGTYPE_p_int64_t, SWIG_POINTER_OWN | 0 );
data/astrometry.net-0.80+dfsg/util/util_wrap.c:13667:45: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
resultobj = SWIG_NewPointerObj((int64_t *)memcpy((int64_t *)calloc(1,sizeof(int64_t)),&result,sizeof(int64_t)), SWIGTYPE_p_int64_t, SWIG_POINTER_OWN | 0 );
data/astrometry.net-0.80+dfsg/util/util_wrap.c:13787:45: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
resultobj = SWIG_NewPointerObj((int64_t *)memcpy((int64_t *)calloc(1,sizeof(int64_t)),&result,sizeof(int64_t)), SWIGTYPE_p_int64_t, SWIG_POINTER_OWN | 0 );
data/astrometry.net-0.80+dfsg/util/util_wrap.c:13859:45: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
resultobj = SWIG_NewPointerObj((int64_t *)memcpy((int64_t *)calloc(1,sizeof(int64_t)),&result,sizeof(int64_t)), SWIGTYPE_p_int64_t, SWIG_POINTER_OWN | 0 );
data/astrometry.net-0.80+dfsg/util/util_wrap.c:31832:52: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
resultobj = SWIG_NewPointerObj((dimage_label_t *)memcpy((dimage_label_t *)calloc(1,sizeof(dimage_label_t)),&result,sizeof(dimage_label_t)), SWIGTYPE_p_int32_t, SWIG_POINTER_OWN | 0 );
data/astrometry.net-0.80+dfsg/util/util_wrap.c:34607:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(gv->name, name, size);
data/astrometry.net-0.80+dfsg/util/util_wrap.c:34688:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buff, methods[i].ml_doc, ldoc);
data/astrometry.net-0.80+dfsg/util/util_wrap.c:34690:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buff, "swig_ptr: ", 10);
data/astrometry.net-0.80+dfsg/util/wcs-pv2sip-main.c:70:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
order = atoi(optarg);
data/astrometry.net-0.80+dfsg/util/wcs-pv2sip-main.c:73:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
W = atoi(optarg);
data/astrometry.net-0.80+dfsg/util/wcs-pv2sip-main.c:76:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
H = atoi(optarg);
data/astrometry.net-0.80+dfsg/util/wcs-pv2sip-main.c:97:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ext = atoi(optarg);
data/astrometry.net-0.80+dfsg/util/wcs-pv2sip.c:212:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[10];
data/astrometry.net-0.80+dfsg/util/wcs-pv2sip.c:220:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key, "PV1_%i", i);
data/astrometry.net-0.80+dfsg/util/wcs-pv2sip.c:222:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key, "PV2_%i", i);
data/astrometry.net-0.80+dfsg/util/wcs-pv2sip.c:399:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(txthdr, prefix, np);
data/astrometry.net-0.80+dfsg/util/wcs-pv2sip.c:401:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(txthdr + np + i*FITS_LINESZ, sl_get(lines, i), strlen(sl_get(lines, i)));
data/astrometry.net-0.80+dfsg/util/wcs-rd2xy-main.c:72:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ext = atoi(optarg);
data/astrometry.net-0.80+dfsg/util/wcs-rd2xy-main.c:90:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
il_append(fields, atoi(optarg));
data/astrometry.net-0.80+dfsg/util/wcs-resample-main.c:57:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
inwcsext = atoi(optarg);
data/astrometry.net-0.80+dfsg/util/wcs-resample-main.c:60:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
inimgext = atoi(optarg);
data/astrometry.net-0.80+dfsg/util/wcs-resample-main.c:63:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
outwcsext = atoi(optarg);
data/astrometry.net-0.80+dfsg/util/wcs-resample-main.c:66:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Lorder = atoi(optarg);
data/astrometry.net-0.80+dfsg/util/wcs-to-tan.c:81:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ext = atoi(optarg);
data/astrometry.net-0.80+dfsg/util/wcs-to-tan.c:84:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
N = atoi(optarg);
data/astrometry.net-0.80+dfsg/util/wcs-xy2rd-main.c:86:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ext = atoi(optarg);
data/astrometry.net-0.80+dfsg/util/wcs-xy2rd-main.c:104:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
il_append(fields, atoi(optarg));
data/astrometry.net-0.80+dfsg/util/wcs-xy2rd-main.c:155:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[32];
data/astrometry.net-0.80+dfsg/util/wcsinfo.c:52:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rastr[32];
data/astrometry.net-0.80+dfsg/util/wcsinfo.c:53:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char decstr[32];
data/astrometry.net-0.80+dfsg/util/wcsinfo.c:58:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ext = atoi(optarg);
data/astrometry.net-0.80+dfsg/blind/augment-xylist.c:772:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(pnmfn) + 1 >= strlen(line)) {
data/astrometry.net-0.80+dfsg/blind/augment-xylist.c:772:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(pnmfn) + 1 >= strlen(line)) {
data/astrometry.net-0.80+dfsg/blind/augment-xylist.c:776:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
line += strlen(pnmfn) + 1;
data/astrometry.net-0.80+dfsg/blind/augment-xylist.c:778:17: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (sscanf(line, " P%cM %255s %d by %d",
data/astrometry.net-0.80+dfsg/blind/augment-xylist.c:886:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (write_file(paramfn, paramstr, strlen(paramstr))) {
data/astrometry.net-0.80+dfsg/blind/augment-xylist.c:908:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (write_file(filterfn, filterstr, strlen(filterstr))) {
data/astrometry.net-0.80+dfsg/blind/blind.c:915:17: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(template.fieldname, idstr, sizeof(template.fieldname) - 1);
data/astrometry.net-0.80+dfsg/blind/blind.c:1203:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(mo->fieldname)) {
data/astrometry.net-0.80+dfsg/blind/blind.c:1306:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(mo->fieldname))
data/astrometry.net-0.80+dfsg/blind/demo_dsmooth.c:124:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
outpath_old[strlen(outpath_old)-4] = '\0';
data/astrometry.net-0.80+dfsg/blind/demo_dsmooth.c:130:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
outpath_new[strlen(outpath_new)-4] = '\0';
data/astrometry.net-0.80+dfsg/blind/engine-main.c:312:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(jobfn) == 0)
data/astrometry.net-0.80+dfsg/blind/engine.c:54:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(name) && name[0] == '/') {
data/astrometry.net-0.80+dfsg/blind/engine.c:266:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (line[strlen(line) - 1] == '\n')
data/astrometry.net-0.80+dfsg/blind/engine.c:267:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
line[strlen(line) - 1] = '\0';
data/astrometry.net-0.80+dfsg/blind/fitsverify.c:153:17: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(errormode,"e");
data/astrometry.net-0.80+dfsg/blind/ftverify.c:266:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(prstat && strlen(p) && strcmp(p, "STDOUT") && strcmp(p, "STDERR")
data/astrometry.net-0.80+dfsg/blind/ftverify.c:276:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(prstat && (!strlen(p) || !strcmp(p, "STDOUT"))) {
data/astrometry.net-0.80+dfsg/blind/ftverify.c:279:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if(prstat && (!strlen(p) || !strcmp(p, "STDERR"))) {
data/astrometry.net-0.80+dfsg/blind/fvrf_data.c:670:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(floatvalue)) { /* ignore completely blank fields */
data/astrometry.net-0.80+dfsg/blind/fvrf_data.c:695:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(floatvalue) - 1;
data/astrometry.net-0.80+dfsg/blind/fvrf_file.c:30:9: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(hduname[i]->extname,"");
data/astrometry.net-0.80+dfsg/blind/fvrf_file.c:48:9: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(hduname[i]->extname,"");
data/astrometry.net-0.80+dfsg/blind/fvrf_file.c:84:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!strlen(p1->extname) || !strlen(p2->extname)) return 0;
data/astrometry.net-0.80+dfsg/blind/fvrf_file.c:84:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!strlen(p1->extname) || !strlen(p2->extname)) return 0;
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:59:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(p);
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:63:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!strlen(pfile)) return;
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:433:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(hduptr->extname,"");
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:595:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen(temp);
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:699:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen(temp);
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:795:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen(temp);
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:860:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen(temp);
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:889:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen(temp);
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:1401:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen(temp);
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:1944:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen(temp);
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:1970:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen(temp);
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2392:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen(temp);
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2664:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!strlen(p)) {
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2704:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!strlen(cols[i]->name)) continue;
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2897:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(tunit[i]))
data/astrometry.net-0.80+dfsg/blind/fvrf_head.c:2968:17: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(extnv,"");
data/astrometry.net-0.80+dfsg/blind/fvrf_key.c:31:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(card) > FLEN_CARD-1 ) {
data/astrometry.net-0.80+dfsg/blind/fvrf_key.c:32:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(temp1,card,20);
data/astrometry.net-0.80+dfsg/blind/fvrf_key.c:41:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(kname, card, 8);
data/astrometry.net-0.80+dfsg/blind/fvrf_key.c:115:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(vind,p,2);
data/astrometry.net-0.80+dfsg/blind/fvrf_key.c:178:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(kvalue);
data/astrometry.net-0.80+dfsg/blind/fvrf_key.c:222:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(kvalue,pi,nchar);
data/astrometry.net-0.80+dfsg/blind/fvrf_key.c:306:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(kvalue,pi,nchar);
data/astrometry.net-0.80+dfsg/blind/fvrf_key.c:372:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(kvalue,card,nchar);
data/astrometry.net-0.80+dfsg/blind/fvrf_key.c:415:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(kcomm,pi,nchar);
data/astrometry.net-0.80+dfsg/blind/fvrf_misc.c:211:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(temp) - 80;
data/astrometry.net-0.80+dfsg/blind/fvrf_misc.c:218:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tmp,p,80);
data/astrometry.net-0.80+dfsg/blind/fvrf_misc.c:237:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tmp,p,clen);
data/astrometry.net-0.80+dfsg/blind/fvrf_misc.c:239:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(p)- clen;
data/astrometry.net-0.80+dfsg/blind/fvrf_misc.c:272:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ntitle = strlen(title);
data/astrometry.net-0.80+dfsg/blind/image2xy-main.c:174:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
asprintf_safe(&outfn, "%.*s.xy.fits", (int)(strlen(infn)-5), infn);
data/astrometry.net-0.80+dfsg/blind/matchobj.c:63:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int n = strlen(prefix);
data/astrometry.net-0.80+dfsg/blind/plot-constellations.c:725:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!(bs->name && strlen(bs->name)))
data/astrometry.net-0.80+dfsg/blind/plot-constellations.c:727:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (common_only && !(bs->common_name && strlen(bs->common_name)))
data/astrometry.net-0.80+dfsg/blind/plot-constellations.c:748:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (bs->common_name && strlen(bs->common_name))
data/astrometry.net-0.80+dfsg/blind/plot-constellations.c:761:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (bs->common_name && strlen(bs->common_name))
data/astrometry.net-0.80+dfsg/blind/plot-constellations.c:775:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(bs->common_name && strlen(bs->common_name)) ? bs->common_name : bs->name,
data/astrometry.net-0.80+dfsg/blind/plot-constellations.c:781:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (bs->common_name && strlen(bs->common_name))
data/astrometry.net-0.80+dfsg/blind/plotannotations.c:306:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(bs->name) && !strlen(bs->common_name))
data/astrometry.net-0.80+dfsg/blind/plotannotations.c:306:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(bs->name) && !strlen(bs->common_name))
data/astrometry.net-0.80+dfsg/blind/plotannotations.c:328:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
label = (strlen(bs->common_name) ? bs->common_name : bs->name);
data/astrometry.net-0.80+dfsg/blind/plotgrid.c:49:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(buf)-1;
data/astrometry.net-0.80+dfsg/blind/plotgrid.c:57:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(buf)-1;
data/astrometry.net-0.80+dfsg/blind/plotstuff.c:860:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(fn);
data/astrometry.net-0.80+dfsg/blind/plotstuff.c:1132:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!cmd || (strlen(cmd) == 0) || (cmd[0] == '#')) {
data/astrometry.net-0.80+dfsg/blind/plotstuff_wrap.c:397:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const char* te = tb + strlen(tb);
data/astrometry.net-0.80+dfsg/blind/plotstuff_wrap.c:681:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(name) + 1 > (bsz - (r - buff))) return 0;
data/astrometry.net-0.80+dfsg/blind/plotstuff_wrap.c:702:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t lname = (name ? strlen(name) : 0);
data/astrometry.net-0.80+dfsg/blind/plotstuff_wrap.c:707:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(r,name,lname+1);
data/astrometry.net-0.80+dfsg/blind/plotstuff_wrap.c:3014:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (psize) *psize = vptr ? (strlen((char *)vptr) + 1) : 0;
data/astrometry.net-0.80+dfsg/blind/plotstuff_wrap.c:3055:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return SWIG_FromCharPtrAndSize(cptr, (cptr ? strlen(cptr) : 0));
data/astrometry.net-0.80+dfsg/blind/plotstuff_wrap.c:3647:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t size = strlen((const char *)(arg2)) + 1;
data/astrometry.net-0.80+dfsg/blind/plotstuff_wrap.c:5525:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t size = strlen((const char *)(arg2)) + 1;
data/astrometry.net-0.80+dfsg/blind/plotstuff_wrap.c:8369:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t size = strlen((const char *)((const char *)(arg2))) + 1;
data/astrometry.net-0.80+dfsg/blind/plotstuff_wrap.c:10153:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t size = strlen((const char *)(arg2)) + 1;
data/astrometry.net-0.80+dfsg/blind/plotstuff_wrap.c:13374:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t size = strlen((const char *)(arg2)) + 1;
data/astrometry.net-0.80+dfsg/blind/plotstuff_wrap.c:13435:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t size = strlen((const char *)(arg2)) + 1;
data/astrometry.net-0.80+dfsg/blind/plotstuff_wrap.c:14717:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t size = strlen((const char *)(arg2)) + 1;
data/astrometry.net-0.80+dfsg/blind/plotstuff_wrap.c:14830:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t size = strlen((const char *)(arg2)) + 1;
data/astrometry.net-0.80+dfsg/blind/plotstuff_wrap.c:14891:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t size = strlen((const char *)(arg2)) + 1;
data/astrometry.net-0.80+dfsg/blind/plotstuff_wrap.c:15818:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t size = strlen((const char *)(arg2)) + 1;
data/astrometry.net-0.80+dfsg/blind/plotstuff_wrap.c:15931:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t size = strlen((const char *)(arg2)) + 1;
data/astrometry.net-0.80+dfsg/blind/plotstuff_wrap.c:15992:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t size = strlen((const char *)(arg2)) + 1;
data/astrometry.net-0.80+dfsg/blind/plotstuff_wrap.c:17765:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t size = strlen((const char *)(arg2)) + 1;
data/astrometry.net-0.80+dfsg/blind/plotstuff_wrap.c:19910:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t size = strlen(name)+1;
data/astrometry.net-0.80+dfsg/blind/plotstuff_wrap.c:19979:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(const_table[j].name)) == 0) {
data/astrometry.net-0.80+dfsg/blind/plotstuff_wrap.c:19990:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t lptr = strlen(ty->name)+2*sizeof(void*)+2;
data/astrometry.net-0.80+dfsg/blind/quadscales.c:70:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0; i<strlen(fixed_basename); i++) {
data/astrometry.net-0.80+dfsg/blind/solve-field.c:495:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(sl_get(lines, 0))) {
data/astrometry.net-0.80+dfsg/blind/solve-field.c:784:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0; i<strlen(removeopts); i++) {
data/astrometry.net-0.80+dfsg/blind/solve-field.c:1005:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(fnbuf);
data/astrometry.net-0.80+dfsg/blind/solve-field.c:1053:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(base);
data/astrometry.net-0.80+dfsg/blind/solve-field.c:1058:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(base);
data/astrometry.net-0.80+dfsg/blind/spike_join.c:35:16: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while((c = fgetc(inFid)) != EOF){
data/astrometry.net-0.80+dfsg/catalogs/2mass.c:140:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(e->designation, cursor, 17);
data/astrometry.net-0.80+dfsg/catalogs/2mass.c:142:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(e->designation) != 17) {
data/astrometry.net-0.80+dfsg/catalogs/test_tycho2.c:55:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
CuAssertIntEquals(tc, 0, strlen(e->hip_ccdm));
data/astrometry.net-0.80+dfsg/catalogs/test_tycho2.c:108:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
CuAssertIntEquals(tc, 0, strlen(e->hip_ccdm));
data/astrometry.net-0.80+dfsg/catalogs/test_tycho2.c:161:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
CuAssertIntEquals(tc, 2, strlen(e->hip_ccdm));
data/astrometry.net-0.80+dfsg/catalogs/test_tycho2.c:206:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
CuAssertIntEquals(tc, 1, strlen(e->hip_ccdm));
data/astrometry.net-0.80+dfsg/catalogs/tycho2.c:14:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dst, src, n);
data/astrometry.net-0.80+dfsg/libkd/qptst.c:42:13: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
int equal, greater;
data/astrometry.net-0.80+dfsg/libkd/qptst.c:124:27: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
for (i=low; i<equal; i++)
data/astrometry.net-0.80+dfsg/libkd/qptst.c:126:20: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
for (i=equal; i<=high; i++)
data/astrometry.net-0.80+dfsg/libkd/qptst.c:136:18: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
ll = equal;
data/astrometry.net-0.80+dfsg/libkd/qptst.c:157:27: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
for (i=low; i<equal; i++)
data/astrometry.net-0.80+dfsg/libkd/qptst.c:159:20: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
for (i=equal; i<greater; i++)
data/astrometry.net-0.80+dfsg/libkd/qptst.c:187:26: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (median < equal) {
data/astrometry.net-0.80+dfsg/libkd/qptst.c:194:30: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
low = high = equal;
data/astrometry.net-0.80+dfsg/qfits-an/anqfits.c:830:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(blankline) == 80);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_card.c:125:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(val);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_card.c:128:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(line+8, val, len);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_card.c:134:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(val)<1) cval[0]='\0';
data/astrometry.net-0.80+dfsg/qfits-an/qfits_card.c:151:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(line, safe_line, 80);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_card.c:163:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(line, safe_line, 80);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_card.c:187:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(key) + strlen(cval_q) + 3 >= 80)
data/astrometry.net-0.80+dfsg/qfits-an/qfits_card.c:187:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(key) + strlen(cval_q) + 3 >= 80)
data/astrometry.net-0.80+dfsg/qfits-an/qfits_card.c:192:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(line, safe_line, 80);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_card.c:253:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(key, line, i);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_card.c:303:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(value, line+8, 80-8);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_card.c:355:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(value, line+from, to-from+1);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_card.c:440:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(comment, line+from, to-from+1);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_card.c:483:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(expanded, " ");
data/astrometry.net-0.80+dfsg/qfits-an/qfits_header.c:470:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(val)>0) k->val = qfits_strdup(val);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_header.c:473:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(com)>0) k->com = qfits_strdup(com);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_header.c:911:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(c)<1) return errval;
data/astrometry.net-0.80+dfsg/qfits-an/qfits_header.c:1050:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(com)>0) k->com = qfits_strdup(com);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_header.c:1055:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(lin)>0) k->lin = qfits_strdup(lin);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_header.c:1112:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ((int)strlen(key)<9) kt = keytype_primary;
data/astrometry.net-0.80+dfsg/qfits-an/qfits_header.c:1239:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncmp(k->key, key, (int)strlen(key))) break;
data/astrometry.net-0.80+dfsg/qfits-an/qfits_memory.c:1146:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t = qfits_memory_malloc(1+strlen(s), filename, lineno);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_memory.c:1271:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((p = malloc(strlen(str)+1)) == NULL)
data/astrometry.net-0.80+dfsg/qfits-an/qfits_memory.c:1297:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(key);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_memory.c:1457:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(qfits_memory_p_mm_filename[pos], mm_filename,MAPFILENAMESZ);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_rw.c:113:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(line, (char*)hdr_str + ind, 80);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_rw.c:148:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(key)!=3) {
data/astrometry.net-0.80+dfsg/qfits-an/qfits_rw.c:246:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0; i<(int)strlen(s); i++) {
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:202:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(curr_col->tunit)) {
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:1840:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ctmp, ccol, col->atom_nb);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:1953:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ctmp, ccol, col->atom_size * col->atom_nb);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:2185:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
last = l + strlen(l);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_table.c:2467:21: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(field, (char*)inbuf, curr_col->atom_nb);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_tools.c:101:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen(s);
data/astrometry.net-0.80+dfsg/qfits-an/qfits_tools.c:126:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = (int)strlen(pretty)-1;
data/astrometry.net-0.80+dfsg/qfits-an/qfits_tools.c:145:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int)strlen(s)>1) return 0;
data/astrometry.net-0.80+dfsg/sdss/cutils_wrap.c:397:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const char* te = tb + strlen(tb);
data/astrometry.net-0.80+dfsg/sdss/cutils_wrap.c:681:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(name) + 1 > (bsz - (r - buff))) return 0;
data/astrometry.net-0.80+dfsg/sdss/cutils_wrap.c:702:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t lname = (name ? strlen(name) : 0);
data/astrometry.net-0.80+dfsg/sdss/cutils_wrap.c:707:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(r,name,lname+1);
data/astrometry.net-0.80+dfsg/sdss/cutils_wrap.c:3680:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t size = strlen(name)+1;
data/astrometry.net-0.80+dfsg/sdss/cutils_wrap.c:3749:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(const_table[j].name)) == 0) {
data/astrometry.net-0.80+dfsg/sdss/cutils_wrap.c:3760:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t lptr = strlen(ty->name)+2*sizeof(void*)+2;
data/astrometry.net-0.80+dfsg/util/an-pnmtofits.c:41:13: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc(fid);
data/astrometry.net-0.80+dfsg/util/bl-sort.c:52:9: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
bl* equal;
data/astrometry.net-0.80+dfsg/util/bl-sort.c:84:27: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
bl_append(equal, data);
data/astrometry.net-0.80+dfsg/util/bl-sort.c:133:10: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
free(equal);
data/astrometry.net-0.80+dfsg/util/bl.c:938:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
seplen = strlen(sepstring);
data/astrometry.net-0.80+dfsg/util/bl.c:1166:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
JL = strlen(join);
data/astrometry.net-0.80+dfsg/util/bl.c:1169:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(sl_get(list, i));
data/astrometry.net-0.80+dfsg/util/bl.c:1177:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t L = strlen(str);
data/astrometry.net-0.80+dfsg/util/bt.c:690:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
subind = malloc(strlen(indent) + strlen(addind) + 1);
data/astrometry.net-0.80+dfsg/util/bt.c:690:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
subind = malloc(strlen(indent) + strlen(addind) + 1);
data/astrometry.net-0.80+dfsg/util/bt.c:728:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
subind = malloc(strlen(indent) + strlen(addind) + 1);
data/astrometry.net-0.80+dfsg/util/bt.c:728:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
subind = malloc(strlen(indent) + strlen(addind) + 1);
data/astrometry.net-0.80+dfsg/util/cairoutils.c:146:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(color) == 6) {
data/astrometry.net-0.80+dfsg/util/cutest.c:59:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(old);
data/astrometry.net-0.80+dfsg/util/cutest.c:101:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(text);
data/astrometry.net-0.80+dfsg/util/cutest.c:128:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int length = strlen(text);
data/astrometry.net-0.80+dfsg/util/fileutils.c:68:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(pathenv))
data/astrometry.net-0.80+dfsg/util/fileutils.c:74:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(pathenv);
data/astrometry.net-0.80+dfsg/util/fitsioutils.c:405:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
commentlen = (comment ? 3 + strlen(comment) : 0);
data/astrometry.net-0.80+dfsg/util/fitsioutils.c:487:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
N = strlen(s);
data/astrometry.net-0.80+dfsg/util/fitsioutils.c:500:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
N = strlen(s) - 1;
data/astrometry.net-0.80+dfsg/util/fitsioutils.c:511:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
N = strlen(s);
data/astrometry.net-0.80+dfsg/util/fitsioutils.c:532:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
N = strlen(s);
data/astrometry.net-0.80+dfsg/util/fitsioutils.c:581:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/astrometry.net-0.80+dfsg/util/fitsioutils.c:606:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(val);
data/astrometry.net-0.80+dfsg/util/fitsioutils.c:613:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cptr[strlen(cptr)-1] = '\0';
data/astrometry.net-0.80+dfsg/util/fitsioutils.c:689:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int indlen = (indent ? strlen(indent) : 0);
data/astrometry.net-0.80+dfsg/util/hpsplit.c:287:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
maxlen = MAX(maxlen, strlen(infn));
data/astrometry.net-0.80+dfsg/util/index.c:82:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
asprintf_safe(&qidxfn, "%.*s.qidx.fits", (int)(strlen(indexfn)-5), indexfn);
data/astrometry.net-0.80+dfsg/util/ioutils.c:81:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
N = strlen(s);
data/astrometry.net-0.80+dfsg/util/ioutils.c:96:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s += strlen(added)-1;
data/astrometry.net-0.80+dfsg/util/ioutils.c:102:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s += strlen(added);
data/astrometry.net-0.80+dfsg/util/ioutils.c:127:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char* sec = start + strlen(splitstr);
data/astrometry.net-0.80+dfsg/util/ioutils.c:128:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(sec);
data/astrometry.net-0.80+dfsg/util/ioutils.c:341:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nr = read(fd, cursor, buf + NB - cursor);
data/astrometry.net-0.80+dfsg/util/ioutils.c:613:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(str);
data/astrometry.net-0.80+dfsg/util/ioutils.c:857:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(prefix);
data/astrometry.net-0.80+dfsg/util/ioutils.c:864:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(suffix);
data/astrometry.net-0.80+dfsg/util/ioutils.c:865:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len2 = strlen(str);
data/astrometry.net-0.80+dfsg/util/ioutils.c:917:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(keyword);
data/astrometry.net-0.80+dfsg/util/ioutils.c:1041:17: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int c = fgetc(fin);
data/astrometry.net-0.80+dfsg/util/ioutils.c:1078:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(s) + 1;
data/astrometry.net-0.80+dfsg/util/jpl.c:25:5: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
sscanf(s, "%lf = %4s %11s %13s %4s EC= %lf QR= %lf IN=%lf"
data/astrometry.net-0.80+dfsg/util/os-features.c:27:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path = realloc(path, strlen(path) + 1);
data/astrometry.net-0.80+dfsg/util/sip_qfits.c:26:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen(str);
data/astrometry.net-0.80+dfsg/util/sip_qfits.c:356:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_tan = (strncmp(str, expect, strlen(expect)) == 0);
data/astrometry.net-0.80+dfsg/util/sip_qfits.c:357:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_sin = (strncmp(str, expect2, strlen(expect2)) == 0);
data/astrometry.net-0.80+dfsg/util/sip_qfits.c:374:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!str || strncmp(str, expect, strlen(expect))) {
data/astrometry.net-0.80+dfsg/util/sip_qfits.c:438:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(ct1) < NC || strlen(ct2) < NC)
data/astrometry.net-0.80+dfsg/util/sip_qfits.c:438:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(ct1) < NC || strlen(ct2) < NC)
data/astrometry.net-0.80+dfsg/util/test_anwcs.c:210:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (write_file(tmpfile, wcsliteral, strlen(wcsliteral))) {
data/astrometry.net-0.80+dfsg/util/test_fitsioutils.c:31:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf[strlen(buf)-1] = ' ';
data/astrometry.net-0.80+dfsg/util/test_ioutils.c:59:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
CuAssertIntEquals(tc, 1024, strlen(str2));
data/astrometry.net-0.80+dfsg/util/test_ioutils.c:74:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
CuAssertIntEquals(tc, 1024, strlen(str2));
data/astrometry.net-0.80+dfsg/util/test_ioutils.c:95:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
CuAssertIntEquals(tc, 1500, strlen(str2));
data/astrometry.net-0.80+dfsg/util/test_ioutils.c:110:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
CuAssertIntEquals(tc, 1499, strlen(str2));
data/astrometry.net-0.80+dfsg/util/test_ioutils.c:125:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
CuAssertIntEquals(tc, 1023, strlen(str2));
data/astrometry.net-0.80+dfsg/util/test_ioutils.c:147:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
CuAssertIntEquals(tc, 1993, strlen(str2));
data/astrometry.net-0.80+dfsg/util/test_ioutils.c:164:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
CuAssertIntEquals(tc, 10*200, strlen(str2));
data/astrometry.net-0.80+dfsg/util/test_wcs.c:31:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(hdr);
data/astrometry.net-0.80+dfsg/util/util_wrap.c:397:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const char* te = tb + strlen(tb);
data/astrometry.net-0.80+dfsg/util/util_wrap.c:681:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(name) + 1 > (bsz - (r - buff))) return 0;
data/astrometry.net-0.80+dfsg/util/util_wrap.c:702:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t lname = (name ? strlen(name) : 0);
data/astrometry.net-0.80+dfsg/util/util_wrap.c:707:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(r,name,lname+1);
data/astrometry.net-0.80+dfsg/util/util_wrap.c:3879:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (psize) *psize = vptr ? (strlen((char *)vptr) + 1) : 0;
data/astrometry.net-0.80+dfsg/util/util_wrap.c:3920:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return SWIG_FromCharPtrAndSize(cptr, (cptr ? strlen(cptr) : 0));
data/astrometry.net-0.80+dfsg/util/util_wrap.c:4033:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = (int)strlen(fn);
data/astrometry.net-0.80+dfsg/util/util_wrap.c:7776:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t size = strlen((const char *)(arg2)) + 1;
data/astrometry.net-0.80+dfsg/util/util_wrap.c:7837:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t size = strlen((const char *)(arg2)) + 1;
data/astrometry.net-0.80+dfsg/util/util_wrap.c:8262:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t size = strlen((const char *)(arg2)) + 1;
data/astrometry.net-0.80+dfsg/util/util_wrap.c:34604:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t size = strlen(name)+1;
data/astrometry.net-0.80+dfsg/util/util_wrap.c:34673:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(const_table[j].name)) == 0) {
data/astrometry.net-0.80+dfsg/util/util_wrap.c:34684:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t lptr = strlen(ty->name)+2*sizeof(void*)+2;
data/astrometry.net-0.80+dfsg/util/wcs-pv2sip.c:395:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
np = strlen(prefix);
data/astrometry.net-0.80+dfsg/util/wcs-pv2sip.c:401:67: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(txthdr + np + i*FITS_LINESZ, sl_get(lines, i), strlen(sl_get(lines, i)));
ANALYSIS SUMMARY:
Hits = 1951
Lines analyzed = 200428 in approximately 6.54 seconds (30660 lines/second)
Physical Source Lines of Code (SLOC) = 160172
Hits@level = [0] 2182 [1] 232 [2] 1210 [3] 110 [4] 399 [5] 0
Hits@level+ = [0+] 4133 [1+] 1951 [2+] 1719 [3+] 509 [4+] 399 [5+] 0
Hits/KSLOC@level+ = [0+] 25.8035 [1+] 12.1807 [2+] 10.7322 [3+] 3.17783 [4+] 2.49107 [5+] 0
Symlinks skipped = 1 (--allowlink overrides but see doc for security issue)
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.