Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_fit.h Examining data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_dispersol.h Examining data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_merge_ord.c Examining data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_ifu.c Examining data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_drl_check.h Examining data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_efficiency_response.c Examining data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_hdrl_functions.c

FINAL RESULTS:

data/cpl-plugin-xshoo-3.5.0+dfsg/hdrl/hdrl_imagelist_io.c:503:22: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    cpl_ensure_code( fprintf(stream, HDRL_MSG, (int)himlist->ni) >= msgmin,

data/cpl-plugin-xshoo-3.5.0+dfsg/hdrl/hdrl_imagelist_io.c:510:22: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    cpl_ensure_code( fprintf(stream, HDRL_IMSG, i, (int)himlist->ni) >= imsgmin,

data/cpl-plugin-xshoo-3.5.0+dfsg/hdrl/hdrl_imagelist_io.c:555:22: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    cpl_ensure_code( fprintf(stream, HDRL_IMSG, (int)i,

data/cpl-plugin-xshoo-3.5.0+dfsg/hdrl/hdrl_utils.c:535:16: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
    if (dir && access(dir, W_OK) == 0) {

data/cpl-plugin-xshoo-3.5.0+dfsg/hdrl/hdrl_utils.c:540:31: [4] (race) access: This usually indicates a security flaw.
If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
    if (tmpdirs[i] && access(tmpdirs[i], W_OK) == 0) {

data/cpl-plugin-xshoo-3.5.0+dfsg/hdrl/tests/hdrl_frameiter-test.c:296:9: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    if (system(rm_fns)) {}

data/cpl-plugin-xshoo-3.5.0+dfsg/hdrl/tests/hdrl_multiiter-test.c:235:9: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    if (system(rm_fns)) {}

data/cpl-plugin-xshoo-3.5.0+dfsg/irplib/irplib_cat.c:89:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
    if (access((const char *)fname,R_OK) != 0)

data/cpl-plugin-xshoo-3.5.0+dfsg/irplib/irplib_plugin.c:1052:13: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
    n = sscanf(line, LINE_SCAN_FMT, path, tag, group);

data/cpl-plugin-xshoo-3.5.0+dfsg/irplib/irplib_utils.c:68:30: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    __attribute__((format (printf, 2, 3)))

data/cpl-plugin-xshoo-3.5.0+dfsg/irplib/irplib_wcs.c:252:12: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
    nret = sscanf(iso8601, IRPLIB_ISO8601_FORMAT, pyear, pmonth,

data/cpl-plugin-xshoo-3.5.0+dfsg/irplib/irplib_wlxcorr.c:990:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(title_loc,

data/cpl-plugin-xshoo-3.5.0+dfsg/irplib/irplib_wlxcorr.c:1023:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(title_loc,

data/cpl-plugin-xshoo-3.5.0+dfsg/irplib/tests/irplib_utils-test.c:482:19: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    cpl_test_zero(system("rm dummyon*.fits"));

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_2dmap.c:254:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(paramname,"xsh.%s.%s",RECIPE_ID,"model-scenario");

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_2dmap.c:676:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(filename,xsh_stringcat_any( "WAVE_DARK_",

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_2dmap.c:739:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(rtag, "WAVE_RESID_TAB_LINES_GFIT_%s",

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_2dmap.c:741:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120).
Use sprintf_s, snprintf, or vsnprintf.
    sprintf(fout, "%s.fits", rtag);

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_2dmap.c:769:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(slit_map_tag,"SLIT_MAP_%s",

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_2dmap.c:772:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(wave_map_tag,"WAVE_MAP_%s",

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_2dmap.c:794:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(paramname,"xsh.%s.%s",RECIPE_ID, "model-maxit");

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_2dmap.c:798:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(paramname,"xsh.%s.%s",RECIPE_ID, "model-anneal-factor");

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_2dmap.c:802:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(paramname,"xsh.%s.%s",RECIPE_ID, "model-scenario");

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_cfg_recover.c:1251:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(name_o,"%s%s",tag,".fits");

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_cfg_recover.c:2949:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(ext_val,"%s%d","ext",ord);

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_cfg_recover.c:3309:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(name_o,"%s%s",tag,".fits");

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_flexcomp.c:252:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(paramname,"xsh.%s.%s",RECIPE_ID,"model-scenario");

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_flexcomp.c:622:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf( filename, "AFCATT_DARK_%s.fits",

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_flexcomp.c:670:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(slit_map_tag,"SLIT_MAP_%s",

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_flexcomp.c:673:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(wave_map_tag,"WAVE_MAP_%s",

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_geom_ifu.c:268:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(recipename,"xsh.%s",RECIPE_ID);

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_geom_ifu.c:269:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(paramname,"%s.%s",recipename,"flat-method");

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_geom_ifu.c:774:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(wave_map_tag,"%s_%s",rec_prefix,XSH_WAVE_MAP_MODEL);

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_geom_ifu.c:775:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(slit_map_tag,"%s_%s",rec_prefix,XSH_SLIT_MAP_MODEL);

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_geom_ifu.c:816:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf( tag, "GEOM_IFU_FF_%s",

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_geom_ifu.c:835:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf( geom_prefix, "orig_%s", rec_prefix);

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_geom_ifu.c:870:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf( geom_prefix, "%s", rec_prefix);

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_lingain.c:533:9: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
    check(sprintf(name,cpl_frame_get_filename(bp_nl_frame)));

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_mbias.c:473:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(name,"%s.fits",ftag);

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_mdark.c:400:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(bp_map_noise_name, "%s.fits", bp_map_noise_pro_catg);

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_mdark.c:543:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(med_frame_tag, "DARK_REMOVE_CRH_%s",

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_mdark.c:627:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(name, "%s.fits", pcatg);

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_mdark.c:635:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(name, "%s.fits", pcatg);

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_mflat.c:934:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(fname_d2,"MFLAT_D2_GRID_BACK_%s_%s.fits",

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_mflat.c:938:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(fname_qth,"MFLAT_QTH_GRID_BACK_%s_%s.fits",

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_orderpos.c:435:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf( fname, "ORDERPOS_%s_DARK.fits",

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_predict.c:250:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(paramname,"xsh.%s.%s",RECIPE_ID,"model-scenario");

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_predict.c:610:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(rtag, "FMTCHK_RESID_TAB_LINES_GFIT_%s",

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_predict.c:612:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(fout, "%s.fits", rtag);

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_predict.c:661:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(paramname,"xsh.%s.%s",RECIPE_ID, "model-maxit");

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_predict.c:665:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(paramname,"xsh.%s.%s",RECIPE_ID, "model-anneal-factor");

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_predict.c:669:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(paramname,"xsh.%s.%s",RECIPE_ID, "model-scenario");

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_predict.c:751:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(tag,"%s_ON",XSH_FMTCHK);

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_respon_slit_nod.c:705:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf( comb_tag,"%s_%s",

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_respon_slit_offset.c:630:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    check(strcpy(rec_prefix,prefix));

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_respon_slit_offset.c:662:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(arm_str, "%s", xsh_instrument_arm_tostring(instrument));

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_respon_slit_offset.c:666:6: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
    sprintf(sky_prefix,xsh_set_recipe_sky_file_prefix(rec_prefix));

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_respon_slit_offset.c:682:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf( arm_str, "%s", xsh_instrument_arm_tostring(instrument) ) ;

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_respon_slit_offset.c:698:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(sky_tag,"%s%s%s",rec_prefix,"_SKY_",arm_str);

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_respon_slit_offset.c:702:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(sky_tag,"%s%s%s",rec_prefix,"_FF_SKY_",arm_str);

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_respon_slit_offset.c:703:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(file_name,"%s.fits",sky_tag);

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_respon_slit_offset.c:749:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(file_name,"RECTIFIED_SLIT_OFFSET_%s_%s.fits",arm_str,str) ;

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_respon_slit_offset.c:769:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(file_tag,"%s_%s_%s",rec_prefix,XSH_ORDER2D, arm_str) ;

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_respon_slit_offset.c:779:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(file_name,"LOCALIZE_%s_ALL.fits",arm_str) ;

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_respon_slit_offset.c:788:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(file_name,"%s_RECTIFIED_SKY_%s.fits",sky_prefix,arm_str) ;

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_respon_slit_offset.c:881:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(file_tag,"SLIT_STARE_NOCRH_NOT_FF_%s",arm_str) ;

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_respon_slit_offset.c:888:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(file_name,"%s_EFF_%s_%s.fits",rec_prefix,XSH_ORDER2D,

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_respon_slit_stare.c:591:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf( arm_str, "%s", xsh_instrument_arm_tostring(instrument) ) ;

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_respon_slit_stare.c:747:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(prefix,"%s",rec_prefix);

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_respon_slit_stare.c:759:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(ftag,"%s_STD_NO_CRH_%s",rec_prefix,xsh_instrument_arm_tostring(instrument));

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_respon_slit_stare.c:760:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(fname,"%s.fits",ftag) ;

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_respon_slit_stare.c:843:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(rec_name,"%s_%s_%s.fits",rec_prefix,XSH_ORDER2D,

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_respon_slit_stare.c:854:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
    sprintf(sky_prefix,xsh_set_recipe_sky_file_prefix(rec_prefix));

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_respon_slit_stare.c:855:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(rec_name,"%s_%s_%s.fits",sky_prefix,XSH_ORDER2D,

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_respon_slit_stare.c:988:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(file_tag,"SLIT_STARE_NOCRH_NOT_FF_%s",arm_str) ;

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_respon_slit_stare.c:995:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(file_name,"%s_EFF_%s_%s.fits",rec_prefix,XSH_ORDER2D,

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_scired_ifu_offset.c:257:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(recipename,"xsh.%s",RECIPE_ID);

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_scired_ifu_offset.c:258:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(paramname,"%s.%s",recipename,"flat-method");

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_scired_ifu_offset.c:748:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf( arm_str, "%s_", xsh_instrument_arm_tostring(instrument) ) ;

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_scired_ifu_offset.c:762:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(file_name, "%s%s",rec_prefix, str) ;

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_scired_ifu_offset.c:790:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf( file_tag, "NO_CRH_IFU_OFFSET_%s%d", arm_str,i);

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_scired_ifu_offset.c:798:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf( file_tag, "FF_IFU_OFFSET_%s%d", arm_str, i);

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_scired_ifu_offset.c:820:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf( file_tag, "FF_IFU_OFFSET_%s%d", arm_str, i);

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_scired_ifu_offset.c:836:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf( file_tag, "COMBINED_IFU_OFFSET_%s_ALL", arm_str);

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_scired_ifu_stare.c:267:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(recipename,"xsh.%s",RECIPE_ID);

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_scired_ifu_stare.c:268:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(paramname,"%s.%s",recipename,"flat-method");

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_scired_ifu_stare.c:721:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(prefix,"%s_",rec_prefix);

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_scired_ifu_stare.c:764:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(div_tag,"%s_DIV_FF_%s",

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_scired_slit_nod.c:405:3: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    system( cmd ) ;

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_scired_slit_nod.c:734:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf( comb_tag,"%s_%s",

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_scired_slit_offset.c:573:3: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
    sprintf(sky_prefix,xsh_set_recipe_sky_file_prefix(rec_prefix));

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_scired_slit_offset.c:611:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(arm_str, "%s", xsh_instrument_arm_tostring(instrument));

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_scired_slit_offset.c:627:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(sky_tag, "%s_SKY_%s", rec_prefix, arm_str);

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_scired_slit_offset.c:630:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(sky_tag, "%s_FF_SKY_%s", rec_prefix, arm_str);

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_scired_slit_offset.c:666:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(file_name,"RECTIFIED_SLIT_OFFSET_%s_%s.fits",arm_str,str) ;

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_scired_slit_offset.c:683:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(file_tag,"%s_%s_%s",rec_prefix,XSH_ORDER2D, arm_str) ;

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_scired_slit_offset.c:693:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(file_name,"LOCALIZE_%s_ALL.fits",arm_str) ;

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_scired_slit_offset.c:704:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(file_name,"%s_RECTIFIED_SKY_%s.fits",sky_prefix,arm_str) ;

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_scired_slit_offset.c:846:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(file_tag,"%s_%s_%s",sky_prefix,XSH_ORDER2D, arm_str) ;

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_scired_slit_offset.c:851:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(file_tag,"%s_%s_%s",sky_prefix,XSH_MERGE2D, arm_str) ;

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_scired_slit_stare.c:752:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(prefix,"%s_",rec_prefix);

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_scired_slit_stare.c:782:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(tag,"%sNO_SUB_BACK_%s",prefix,

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_scired_slit_stare.c:784:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(fname,"%s.fits",tag);

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_scired_slit_stare.c:829:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(rec_name,"%s_%s_%s.fits",rec_prefix,XSH_ORDER2D,

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_scired_slit_stare.c:841:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
    sprintf(sky_prefix,xsh_set_recipe_sky_file_prefix(rec_prefix));

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_scired_slit_stare.c:842:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(rec_name,"%s_%s_%s.fits",sky_prefix,XSH_ORDER2D,

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_scired_slit_stare.c:1005:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(prefix,"%s_ORDER2D",rec_prefix);

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_scired_slit_stare.c:1081:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(tag,"%s_ON",rec_prefix);

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_util_ifu_offset.c:683:3: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
    sprintf(sky_prefix,xsh_set_recipe_sky_file_prefix(rec_prefix));

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_util_ifu_offset.c:684:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    check(strcpy(rec_prefix,(const char*)prefix));

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_util_ifu_offset.c:771:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf( arm_str, "%s_", xsh_instrument_arm_tostring(instrument) ) ;

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_util_ifu_stare.c:541:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    check(strcpy(rec_prefix,(const char*)prefix));

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_util_ifu_stare.c:627:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(wave_map_tag,"%s_%s",rec_prefix,XSH_WAVE_MAP_MODEL);

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_util_ifu_stare.c:628:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(slit_map_tag,"%s_%s",rec_prefix,XSH_SLIT_MAP_MODEL);

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_util_ifu_stare.c:673:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(name, "%s_DARK_%s.fits",

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_util_ifu_stare.c:694:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf( tag, "%s_FF_%s",

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_util_ifu_stare.c:696:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(name,"%s.fits",tag);

data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_util_physmod.c:344:11: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  check(sprintf(wave_map_tag,"%s",
data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_util_physmod.c:347:11: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  check(sprintf(slit_map_tag,"%s",
data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_util_physmod.c:416:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(SPF_name,"%s%s",pro_catg,".fits");
data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_wavecal.c:604:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(file_prefix,"ARC_%s_",xsh_instrument_mode_tostring(instrument));
data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_wavecal.c:635:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(wave_map_tag,"%s_%s_%s",rec_prefix,XSH_WAVE_MAP_MODEL,
data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_wavecal.c:637:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(slit_map_tag,"%s_%s_%s",rec_prefix,XSH_SLIT_MAP_MODEL,
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/irplib_error.h:249:28: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__((format (printf, 1, 2)))
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-product_xsh_master_bias.c:100:5: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(SYNTAX);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-spectrum_stat.c:85:7: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(name1,argv[1]);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-telluric_sampling.c:94:7: [4] (format) sprintf:
  Potential format string problem (CWE-134).
  Make format string constant.
  sprintf(name1,argv[1]);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-telluric_sampling.c:95:7: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(name2,argv[2]);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_atrous.c:178:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( res_name, "%s_ATROUS.dat", file_name);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_combine_nod.c:131:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( rectify_par->rectif_kernel, optarg ) ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_combine_nod.c:186:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( name, "ZERO_%s",shortname+1);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_combine_nod.c:189:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( name, "ZERO_%s",rec_name);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_combine_nod.c:251:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( name, "%s_profil.dat",rec_name);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_compute_response.c:97:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( DbgLevel, optarg ) ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_compute_response.c:154:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( arm_str, "%s", xsh_instrument_arm_tostring(instrument) ) ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_create_spectralformat.c:101:5: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(SYNTAX);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_data_atmos_ext.c:98:5: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(SYNTAX);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_data_cube.c:131:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( rectify_par->rectif_kernel, optarg);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_data_dispersol.c:110:5: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(SYNTAX);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_data_order.c:113:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( PointType, optarg ) ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_data_order.c:116:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( PointSize, optarg ) ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_data_order.c:122:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( CentralColor, optarg ) ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_data_order.c:129:7: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf( SYNTAX ) ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_data_order.c:174:5: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(SYNTAX);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_data_order_2D.c:103:5: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(SYNTAX);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_data_pre.c:102:5: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(SYNTAX);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_data_spectralformat.c:99:5: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(SYNTAX);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_data_spectrum_order_1D.c:148:5: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(SYNTAX);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_data_star_flux.c:98:5: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(SYNTAX);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_data_wave_tab_2d_sample.c:103:7: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf( SYNTAX ) ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_data_wave_tab_2d_sample.c:152:5: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(SYNTAX);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_data_wavemap.c:113:5: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(SYNTAX);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_detect_arclines.c:168:7: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(SYNTAX);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_detect_arclines.c:238:5: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(SYNTAX);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_dfs_sdp.c:171:20: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  cpl_test_assert( system("test -d workspace_"TEST_NAME
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_dfs_sdp.c:254:22: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  cpl_test_assert( system("test -d workspace_"TEST_NAME
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_flat_merge.c:130:5: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(SYNTAX);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_gaussian_fit.c:197:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  sprintf( res_name, "GSL_FIT_%s.dat", file_name);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_gaussian_fit.c:227:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( res_name, "CPL_FIT_%s.dat", file_name);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_geom_ifu.c:130:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( rectify_par->rectif_kernel, optarg);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_guess.c:115:5: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(SYNTAX);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_ifu_trace_object.c:108:5: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(SYNTAX);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_ifu_trace_slices.c:101:5: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(SYNTAX);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_lambda_err.c:302:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( name, "%s_lambda_err_%d.dat", prefix, abs_order);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_lambda_err.c:337:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( name, "%s_lambda_err.dat", prefix);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_lambda_err.c:374:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( name, "%s_lambda_err_%d.dat", prefix, abs_order);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_model.c:109:5: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(SYNTAX);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_model_maps_create.c:124:7: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf( SYNTAX ) ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_model_maps_create.c:168:5: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(SYNTAX);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_paf_save.c:74:3: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat( to, filename ) ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_paf_save.c:151:10: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  assure( system( cmd ) == 0, CPL_ERROR_ILLEGAL_INPUT,
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_prepare.c:100:5: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(SYNTAX);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_rectify.c:128:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( rectify_par->rectif_kernel, optarg);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_remove_crh_multiple.c:354:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(sof_name, "%s", argv[optind]);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_remove_crh_single.c:188:5: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(name, argv[optind]);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_remove_crh_single.c:189:5: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf( sof_name, argv[optind+1]);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_remove_crh_single.c:242:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( res_name, "NOCRH_%s.fits",
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_resid_tab.c:107:5: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(SYNTAX);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_spectrum_detect_lines.c:128:8: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(fname,argv[1]);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_subtract_sky_nod.c:104:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( PointType, optarg ) ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_subtract_sky_nod.c:107:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( PointSize, optarg ) ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_subtract_sky_nod.c:113:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( CentralColor, optarg ) ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_subtract_sky_nod.c:116:7: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf( SYNTAX ) ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_subtract_sky_nod.c:152:5: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(SYNTAX);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_subtract_sky_single.c:135:7: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf( SYNTAX);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_subtract_sky_single.c:231:5: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(SYNTAX);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_the_map.c:104:5: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(SYNTAX);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_wavecal_fwhm.c:105:5: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(SYNTAX);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/tests.h:135:10: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78).
  try using a library call that implements the same functionality if available.
  (void) system("test -d workspace_Test-"DRL_ID \
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/tests.h:144:12: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  (void) system("test -d workspace_Test-"DRL_ID \
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_badpixelmap.c:121:4: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(btag,"%s_%s",XSH_MASTER_BP_MAP_FLAT,xsh_instrument_arm_tostring(inst));
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_badpixelmap.c:122:4: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(bname,"%s.fits",btag);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_badpixelmap.c:1171:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tag,"%s_%s",XSH_BP_MAP_DP,xsh_instrument_arm_tostring(instr));
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_badpixelmap.c:1172:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(name,"%s.fits",tag);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_badpixelmap.c:1232:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tag,"%s_%s",XSH_BP_MAP_SP,xsh_instrument_arm_tostring(instr));
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_badpixelmap.c:1233:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(name,"%s.fits",tag);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_badpixelmap.c:1669:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(name_o,"SUB_%s",fname);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_blaze.c:157:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( blaze_name, "%s", "BLAZE_IMAGE.fits");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_blaze.c:158:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(blaze_tag, "%s", "BLAZE");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_compute_absorp.c:329:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tag, "%s_%s", XSH_TELL_MASK, xsh_instrument_arm_tostring( instr));
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_compute_linearity.c:806:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( bpmapFname, "LINEARITY_BAD_PIXEL_MAP_%s.fits", sarm ) ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_compute_noise_map.c:392:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(result_name,bpmapFile) ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_compute_noise_map.c:404:6: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(noisy_name,"%s.fits",XSH_GET_TAG_FROM_ARM(XSH_BP_MAP_PN,instr));
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_compute_noise_map.c:408:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(noisy_name,"%s_%dx%d.fits",XSH_GET_TAG_FROM_ARM(XSH_BP_MAP_PN,
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_compute_response.c:3207:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(resp_obs_std_star_fname,"resp_%s",xsh_get_basename(filename));
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_compute_response.c:3482:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tag,"RESPONSE_MERGE1D_%s_%s",xsh_instrument_mode_tostring(instrument),
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_compute_response.c:3484:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fname,"%s.fits",tag);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_compute_response.c:3664:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tag,"RESPONSE_MERGE1D_%s_%s",xsh_instrument_mode_tostring(instrument),
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_compute_response.c:3666:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fname,"%s.fits",tag);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_compute_response.c:3851:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tag,"RESPONSE_ORDER1D_%s_%s",xsh_instrument_mode_tostring(instrument),
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_compute_response.c:3853:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fname,"%s.fits",tag);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_compute_slice_dist.c:151:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( fname, "SLICE_OFFSET_%s.fits",
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_compute_slice_dist.c:299:3: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf( tablename, resname);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_compute_slice_dist.c:364:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( fname ,"%s_SHIFTIFU_%s_%s.fits", prefix, SlitletName[slitlet],
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_compute_slice_dist.c:378:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( tag, "OFFSET_TAB_%s_IFU_%s", SlitletName[slitlet],
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_create_master.c:742:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(mdark_tag,"%s_%s",XSH_MASTER_DARK,xsh_instrument_arm_tostring(instr));
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_create_master.c:743:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(mdark_name,"%s.fits",mdark_tag);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_create_master.c:1277:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(result_name,"%s.fits",result_tag);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_create_master.c:1348:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(mastername,"MASTER_BIAS_%s.fits",
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_create_master.c:2367:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(mflat_tag, "%s_%s_%s", XSH_MASTER_FLAT,
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_create_master.c:2370:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(mflat_tag, "%s_%s", XSH_MASTER_FLAT,xsh_instrument_arm_tostring(inst));
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_create_master.c:2372:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(mflat_name,"%s.fits",mflat_tag);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_create_order_table.c:180:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fname,"%s%s",tag,".fits");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_create_wavemap.c:98:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(wavemap_tag,"%s_%s",
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_create_wavemap.c:100:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(slitmap_tag,"%s_%s",
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_create_wavemap.c:337:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(wm_name,"%s.fits",wm_tag);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_create_wavemap.c:513:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(wm_tag,"WAVE_MAP_POLY_%s",xsh_instrument_arm_tostring(instrument));
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_create_wavemap.c:514:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(wm_name,"%s.fits",wm_tag);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_create_wavemap.c:610:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(qc_wlen,"%s%d",XSH_QC_WMAP_WAVEC,i);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_create_wavemap.c:724:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(qc_line,"%s%d",XSH_QC_LINE_DIFMIN,i);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_create_wavemap.c:728:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(qc_line,"%s%d",XSH_QC_LINE_DIFMAX,i);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_create_wavemap.c:732:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(qc_line,"%s%d",XSH_QC_LINE_DIFMED,i);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_create_wavemap.c:736:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(qc_line,"%s%d",XSH_QC_LINE_DIFAVG,i);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_create_wavemap.c:760:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(qc_line,"%s",XSH_QC_LINE_DIFMIN);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_create_wavemap.c:764:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(qc_line,"%s",XSH_QC_LINE_DIFMIN_ORD);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_create_wavemap.c:768:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(qc_line,"%s",XSH_QC_LINE_DIFMAX);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_create_wavemap.c:772:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(qc_line,"%s",XSH_QC_LINE_DIFMAX_ORD);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_create_wavemap.c:776:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(qc_line,"%s",XSH_QC_LINE_DIFMED);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_create_wavemap.c:780:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(qc_line,"%s",XSH_QC_LINE_DIFAVG);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_dispersol.c:422:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(filename,"%s.fits",tag);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_dispersol.c:691:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(filename,"%s.fits",tag);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_dispersol.c:852:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(filename, "%s.fits",tag);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_image_3d.c:420:10: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if ( access( fname, 0 ) == 0 ) {
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_localization.c:125:5: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(colname, "%s%"CPL_SIZE_FORMAT, XSH_LOCALIZATION_TABLE_COLNAME_CENTER, k);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_localization.c:129:5: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(colname, "%s%"CPL_SIZE_FORMAT, XSH_LOCALIZATION_TABLE_COLNAME_EDGLO, k);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_localization.c:133:5: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(colname, "%s%"CPL_SIZE_FORMAT, XSH_LOCALIZATION_TABLE_COLNAME_EDGUP, k);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_localization.c:234:5: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(colname, "%s%"CPL_SIZE_FORMAT, XSH_LOCALIZATION_TABLE_COLNAME_CENTER, k);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_localization.c:237:5: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(colname, "%s%"CPL_SIZE_FORMAT, XSH_LOCALIZATION_TABLE_COLNAME_EDGUP, k);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_localization.c:240:5: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(colname, "%s%"CPL_SIZE_FORMAT, XSH_LOCALIZATION_TABLE_COLNAME_EDGLO, k);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_localization.c:253:5: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(colname, "%s%"CPL_SIZE_FORMAT, XSH_LOCALIZATION_TABLE_COLNAME_CENTER, k);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_localization.c:258:5: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(colname, "%s%"CPL_SIZE_FORMAT, XSH_LOCALIZATION_TABLE_COLNAME_EDGUP, k);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_localization.c:263:5: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(colname, "%s%"CPL_SIZE_FORMAT, XSH_LOCALIZATION_TABLE_COLNAME_EDGLO, k);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_order.c:243:7: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(colname, "%s%"CPL_SIZE_FORMAT, XSH_ORDER_TABLE_COLNAME_CENTER, k);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_order.c:248:7: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(colname, "%s%"CPL_SIZE_FORMAT, XSH_ORDER_TABLE_COLNAME_EDGLO, k);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_order.c:253:7: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(colname, "%s%"CPL_SIZE_FORMAT, XSH_ORDER_TABLE_COLNAME_EDGUP, k);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_order.c:259:7: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(colname, "%s%"CPL_SIZE_FORMAT, XSH_ORDER_TABLE_COLNAME_SLICUP, k);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_order.c:268:7: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(colname, "%s%"CPL_SIZE_FORMAT, XSH_ORDER_TABLE_COLNAME_SLICLO, k);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_order.c:839:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(colname, "%s%"CPL_SIZE_FORMAT, XSH_ORDER_TABLE_COLNAME_CENTER, k);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_order.c:842:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(colname, "%s%"CPL_SIZE_FORMAT, XSH_ORDER_TABLE_COLNAME_EDGUP, k);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_order.c:845:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(colname, "%s%"CPL_SIZE_FORMAT, XSH_ORDER_TABLE_COLNAME_EDGLO, k);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_order.c:849:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(colname, "%s%"CPL_SIZE_FORMAT, XSH_ORDER_TABLE_COLNAME_SLICUP, k);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_order.c:853:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(colname, "%s%"CPL_SIZE_FORMAT, XSH_ORDER_TABLE_COLNAME_SLICLO, k);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_order.c:884:7: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(colname, "%s%"CPL_SIZE_FORMAT, XSH_ORDER_TABLE_COLNAME_CENTER, k);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_order.c:892:7: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(colname, "%s%"CPL_SIZE_FORMAT, XSH_ORDER_TABLE_COLNAME_EDGUP, k);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_order.c:900:7: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(colname, "%s%"CPL_SIZE_FORMAT, XSH_ORDER_TABLE_COLNAME_EDGLO, k);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_order.c:908:7: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(colname, "%s%"CPL_SIZE_FORMAT, XSH_ORDER_TABLE_COLNAME_SLICLO, k);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_order.c:916:7: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(colname, "%s%"CPL_SIZE_FORMAT, XSH_ORDER_TABLE_COLNAME_SLICUP, k);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_pre.c:87:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(cor_fname, "PREOVER_COR_%s", xsh_get_basename(fname));
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_pre.c:1108:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(filename,"PRODUCT_%s",cpl_frame_get_filename (frame));
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_pre.c:1113:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( filename, "%s_%dx%d_%s.fits", prefix, pre->binx, pre->biny,
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_pre.c:1117:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( filename, "%s_%dx%d.fits", prefix, pre->binx, pre->biny );
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_pre.c:1497:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(filename,"SUB_%s_%d_%s",spec,i,name);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_pre.c:2809:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(name_o,"%s.fits",tag);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_rec.c:746:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( fname,"%s.fits", tag);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_shift_tab.c:174:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(filename,"%s.fits",tag) ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_spectralformat.c:167:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( result->list[i].lamp, lamp);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_spectrum.c:943:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(oname,"tmp_%s",fname);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_spectrum.c:955:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(cmd,"mv %s %s",oname,fname);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_spectrum.c:956:12: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  assure(system(cmd)==0,CPL_ERROR_UNSPECIFIED,"unable to mv file");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_spectrum.c:1011:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(oname,"tmp_%s",fname);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_spectrum.c:1029:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(cmd,"mv %s %s",oname,fname);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_spectrum.c:1030:13: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  assure(system(cmd)==0,CPL_ERROR_UNSPECIFIED,"unable to mv file");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_spectrum1D.c:401:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(qc_key,"%s%d VAL",XSH_QC_FLUX,index);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_spectrum1D.c:403:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(qc_key,"%s VAL",XSH_QC_FLUX);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_spectrum1D.c:417:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(qc_key,"%s%d ERR",XSH_QC_FLUX,index);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_spectrum1D.c:419:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(qc_key,"%s ERR",XSH_QC_FLUX);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_spectrum1D.c:431:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(qc_key,"%s%d SN",XSH_QC_FLUX,index);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_spectrum1D.c:433:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(qc_key,"%s SN",XSH_QC_FLUX);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_wavemap.c:940:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(fname,fname,iter);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_arclines.c:622:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  check(strcpy(dpr_type,xsh_pfits_get_dpr_type(pre->data_header)));
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_arclines.c:668:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(basename,"%s.fits",tag);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_arclines.c:669:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(new_name,"local_%s",basename);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_arclines.c:1142:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(rtag,"%s%s%s",type,"RESID_TAB_ORDERS_",
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_arclines.c:1145:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(rtag,"%s%s%s",type,"RESID_ALL_TAB_ORDERS_",
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_arclines.c:1149:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(rname,"%s%s",rtag,".fits");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_arclines.c:1206:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(wave_table_name,"%s%s.fits","WAVE_TAB_GUESS_",
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_arclines.c:1244:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(wave_table_name,"%s%s.fits","WAVE_TAB_2D_",
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_arclines.c:1288:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fname,"%s%s",tag,".fits");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_arclines.c:1303:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(rtag,"%s%s%s",type,"RESID_TAB_LINES_",
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_arclines.c:1306:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(rtag,"%s%s%s",type,"RESID_TAB_ALL_LINES_",
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_arclines.c:1314:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(rname,"AFC_CAL_%s%s",rtag,".fits") ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_arclines.c:1317:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(rname,"AFC_ATT_%s%s",rtag,".fits") ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_arclines.c:1320:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(rname,"%s%s",rtag,".fits") ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_arclines.c:1522:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  check(strcpy(dpr_type,xsh_pfits_get_dpr_type(pre->data_header)));
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_arclines.c:1563:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(basename,"%s.fits",tag);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_arclines.c:1564:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(new_name,"local_%s",basename);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_arclines.c:2047:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(rtag,"%s%s%s",type,"RESID_TAB_ORDERS_",
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_arclines.c:2050:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(rname,"%s%s",rtag,".fits");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_arclines.c:2103:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(wave_table_name,"%s%s.fits","WAVE_TAB_GUESS_",
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_arclines.c:2141:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(wave_table_name,"%s%s.fits","WAVE_TAB_2D_",
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_arclines.c:2181:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fname,"%s%s",tag,".fits");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_arclines.c:2196:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(rtag,"%s%s%s",type,"RESID_TAB_DRL_LINES_",
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_arclines.c:2199:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(rtag,"%s%s%s",type,"RESID_TAB_LINES_",
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_arclines.c:2207:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(rname,"AFC_CAL_%s%s",rtag,".fits") ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_arclines.c:2210:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(rname,"AFC_ATT_%s%s",rtag,".fits") ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_arclines.c:2213:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(rname,"%s%s",rtag,".fits") ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_continuum.c:229:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( dirname1, "Ord_%s", xsh_instrument_arm_tostring( instrument ) ) ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_continuum.c:230:10: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if ( access( dirname1, 0 ) != 0 ) {
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_continuum.c:231:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( cmd, "mkdir %s", dirname1 ) ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_continuum.c:232:7: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  system( cmd ) ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_continuum.c:234:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( dirname2, "%s/O_%02d", dirname1, order ) ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_continuum.c:235:10: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if ( access( dirname2, 0 ) != 0 ) {
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_continuum.c:236:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( cmd, "mkdir %s", dirname2 ) ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_continuum.c:237:7: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  system( cmd ) ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_continuum.c:240:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( fname, "%s/fit_%04d", dirname2, y ) ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_continuum.c:280:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(logname,"orderpos_%s.dat",xsh_instrument_arm_tostring(instrument));
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_continuum.c:300:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tag,"%s%s%s",XSH_ORDERPOS_RESID_TAB,"_",
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_continuum.c:302:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(frame_name,"%s.fits",tag);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_continuum.c:996:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tag,"%s",XSH_GET_TAG_FROM_ARM(XSH_ORDER_TAB_CENTR,instr));
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_continuum.c:997:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(frame_name,"%s%s",tag,".fits");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_order.c:527:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(name_t,"%s%s",name_o,".fits");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detmon_lg.c:4964:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(kname, "%s%d", DETMON_QC_CONTAM, i + 1);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_dfs.c:242:13: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if (access(cpl_frame_get_filename(frame), F_OK)) {
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_dfs.c:1550:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(name, "%s_PRE_%d.fits", prefix, i);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_dfs.c:1551:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tag, "%s_PRE_%d", prefix, i);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_dfs.c:2009:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( product_id, "%s%s_%s", XSH_PRODUCT_PREFIX,
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_dfs.c:2013:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( product_id, "%s%s", XSH_PRODUCT_PREFIX,
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_dfs.c:2108:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( product_id, "%s%s_%s", XSH_PRODUCT_PREFIX,
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_dfs.c:2112:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( product_id, "%s%s", XSH_PRODUCT_PREFIX,
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_dfs.c:2123:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(cmd,"mv %s tmp_spc.fits",name_s);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_dfs.c:2124:7: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  system(cmd);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_dfs.c:2300:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( product_id, "%s%s_%s", XSH_PRODUCT_PREFIX, pro_catg, date);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_dfs.c:2303:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( product_id, "%s%s", XSH_PRODUCT_PREFIX, pro_catg);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_dfs.c:2405:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( product_id, "%s%s_%s", XSH_PRODUCT_PREFIX, pro_catg, date);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_dfs.c:2408:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( product_id, "%s%s", XSH_PRODUCT_PREFIX, pro_catg );
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_dfs.c:2622:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(cmd,"mv %s tmp_ima.fits",fname);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_dfs.c:2623:5: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  system(cmd);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_dfs.c:2767:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(cmd,"mv %s tmp_ima.fits",fname);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_dfs.c:2768:5: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  system(cmd);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_dfs.c:4244:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(new_name,"fctx%d_fcty%d_%s",binx,biny,basename);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_dfs.c:4522:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(new_name,"cut_nir_HJ_%s",basename);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_dfs.c:4789:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tag,"%s_%s",XSH_MASTER_FLAT_SLIT,xsh_instrument_arm_tostring(inst));
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_divide.c:96:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( filename, "%s.fits", tag);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_drl_check.c:76:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tag_ou, "%s_%s", XSH_BP_MAP, xsh_instrument_arm_tostring(inst));
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_drl_check.c:173:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(name, "%s.fits", tag_ou);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_drl_check.c:220:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( wave_map_tag, "%s_%s_%s", rec_prefix, XSH_WAVE_MAP_MODEL,
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_drl_check.c:222:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( slit_map_tag, "%s_%s_%s", rec_prefix, XSH_SLIT_MAP_MODEL,
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_drl_check.c:312:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( rmbias_tag, "%s_%s_%s", prefix,"ON",
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_drl_check.c:358:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( result_name, "%s_DARK.fits", prefix);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_drl_check.c:397:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( result_tag, "%s_DIVFF_%s", prefix,
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_drl_check.c:438:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( result_tag, "%s_NOCRH_%s", prefix,
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_drl_check.c:440:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( result_name, "%s.fits",result_tag);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_drl_check.c:507:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( result_tag,"%s_SKY_%s", prefix,
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_drl_check.c:509:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( result_name,"%s.fits", result_tag);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_drl_check.c:540:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( result_tag,"%s_SKY_%s", prefix,
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_drl_check.c:542:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( result_name,"%s.fits", result_tag);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_drl_check.c:623:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(sky_tag,"%s_TMP_SKY_%s",rec_prefix,
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_drl_check.c:651:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(rec_name,"%s_%s_%s.fits",
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_drl_check.c:686:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(sky_name,cpl_frame_get_filename(sky_frame_ima));
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_extract.c:811:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tag, "%s_%s", rec_prefix,
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_extract.c:840:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tag, "%s_%s", rec_prefix,
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_extract.c:904:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tag, "%s_%s", rec_prefix, tag_suf);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_flat_merge.c:377:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(file_tag,"MFLAT_BACK_%s_%s",
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_flat_merge.c:381:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(file_name,"%s.fits",file_tag);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_flat_merge.c:665:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(file_tag,"MFLAT_BACK_%s_%s",
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_flat_merge.c:669:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(file_name,"%s.fits",file_tag);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_flexcor.c:227:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( result_name, "%s.fits", tag);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_flexcor.c:269:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( result_name, "%s.fits", tag);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_flexcor.c:287:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( result_name, "%s.fits", tag);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_flexcor.c:448:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( thename, "AFC_THEOTAB_%s.fits",
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_follow_arclines.c:1215:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( tag, "FOLLOW_LINETILT_%s_%s", tag_id,
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_follow_arclines.c:1217:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fname,"%s.fits",tag);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_follow_arclines.c:1222:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( tag, "TILT_TAB_%s_%s", tag_id,
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_follow_arclines.c:1240:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( tag, "SHIFT_TAB_%s_%s", tag_id,
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_follow_arclines.c:1386:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( tag_id, "%s_IFU", SlitletName[ifu]) ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_format.c:231:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(pcatg,"%s_%s",rec_prefix,
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_format.c:261:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tag,"%s_%s",rec_prefix,
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_format.c:523:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(pcatg, "%s_%s",rec_prefix,
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_format.c:583:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( result_name, "%s.fits", pcatg);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_ifu.c:107:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( result_name, "%s.fits", tag);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_ifu.c:113:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( result_name, "%s.fits", tag);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_ifu.c:119:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( result_name, "%s.fits", tag);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_localize_obj.c:270:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(filename,"LOCALIZATION_TABLE_%s.fits",
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_localize_obj.c:274:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(filename,fname);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_localize_obj.c:544:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( coadd_name, "%s_%d_%d.dat",filename,ifirst,ilast);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_localize_obj.c:715:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( debug_name, "%s_points.dat",filename);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_localize_obj.c:933:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( fname ,"LOCALIZE_TABLE_%s_IFU_%s.fits", SlitletName[slitlet],
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_localize_obj.c:1319:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( test_name, "data_w%f_%s.dat", wpos_data[data_size],resname);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_localize_obj.c:1330:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( test_name, "gauss_w%f_%s.dat", wpos_data[data_size],resname);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_localize_obj.c:1411:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( test_name, "cpl_gaussian_fit_%s.dat", resname);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_localize_obj.c:1413:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( test_name, "gsl_gaussian_fit_%s.dat", resname);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_localize_obj.c:1476:3: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf( tablename, resname);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_localize_obj.c:1592:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( fname ,"%s_LOCIFU_%s_%s.fits", prefix, SlitletName[slitlet],
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_merge_ord.c:515:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tag,"%s_%s",rec_prefix,tag_suf);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_model_io.c:691:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf((p_all_par+ii)->name, (char*)cpl_table_get_string(tab,
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_model_kernel.c:2530:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(filename, "%s.fits", wtag);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_model_kernel.c:2557:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(filename, "%s.fits", stag);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_model_kernel.c:3055:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tab_filename2,"long_%s",tab_filename);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_model_kernel.c:3730:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf((p_all_par+ii)->name, "%s", "\n");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_model_kernel.c:5057:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(out_cfg_filename,"%s.fits",tag);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_model_kernel.c:5843:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(name_o,"%s%s",
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_model_kernel.c:5945:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( fname, "order_%s_%02d.dat", arm, order ) ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_model_kernel.c:6227:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(filename,"%s.fits",tag);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_model_utils.c:127:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(THE_filename,"%s%s",pro_catg,".fits");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_model_utils.c:284:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(local_cfg_name,"local_cfg_name_%s.fits",
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_msg.c:146:3: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf (printbuffer, MAXSTRINGLENGTH - 1, format, al);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_msg.h:127:24: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__((format (printf, 2, 3)))
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_multiply.c:98:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( filename, "%s.fits", tag);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_opt_extract.c:2685:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tag,"%s_%s",rec_prefix,XSH_GET_TAG_FROM_ARM(XSH_ORDER_EXT1D,instrument));
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_opt_extract.c:2690:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(filename,"%s.fits",tag);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_opt_extract.c:2705:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tag,"%s_%s",rec_prefix,XSH_GET_TAG_FROM_ARM(XSH_ORDER_OXT1D,instrument));
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_opt_extract.c:2706:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tag_drl,"%s_DRL",tag);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_opt_extract.c:2711:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(filename,"%s.fits",tag);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_opt_extract.c:2712:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(filename_drl,"DRL_%s.fits",filename);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_opt_extract.c:2729:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tag,"%s_OXT_SUBEXTRACT",rec_prefix);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_opt_extract.c:2735:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tag,"%s_OXT_S2DDIV1D",rec_prefix);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_opt_extract.c:2741:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tag,"%s_OXT_MODEL",rec_prefix);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_opt_extract.c:2747:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tag,"%s_OXT_WEIGHT",rec_prefix);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_paf_save.c:173:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf( curname, kformat, i ) ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_paf_save.c:247:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(paf_id, instrument);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_paf_save.c:249:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(paf_id, recipe);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_paf_save.c:475:21: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  cpl_ensure_code(fprintf(paf, PAF_KEY_FORMAT "%d\n",
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_paf_save.c:479:21: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  cpl_ensure_code(fprintf(paf, PAF_KEY_FORMAT "%d ; # %s\n",
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_paf_save.c:503:21: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  cpl_ensure_code(fprintf(paf, PAF_KEY_FORMAT "%.10g\n",
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_paf_save.c:507:21: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  cpl_ensure_code(fprintf(paf, PAF_KEY_FORMAT "%.10g ; # %s\n",
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_paf_save.c:534:21: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  cpl_ensure_code(fprintf(paf, PAF_KEY_FORMAT "\"%s\"\n",
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_paf_save.c:538:21: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  cpl_ensure_code(fprintf(paf, PAF_KEY_FORMAT "\"%s\" ; # %s\n",
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_parameters.c:58:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(recipename,"xsh.%s",recipe_id);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_parameters.c:59:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(paramname,"%s.%s",recipename,name);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_parameters.c:81:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(recipename,"xsh.%s",recipe_id);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_parameters.c:82:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(paramname,"%s.%s",recipename,name);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_parameters.c:128:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(recipename,"xsh.%s",recipe_id);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_parameters.c:129:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(paramname,"%s.%s",recipename,name);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_parameters.c:151:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(recipename,"xsh.%s",recipe_id);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_parameters.c:152:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(paramname,"%s.%s",recipename,name);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_parameters.c:174:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(recipename,"xsh.%s",recipe_id);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_parameters.c:175:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(paramname,"%s.%s",recipename,name);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_parameters.c:199:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(recipename,"xsh.%s",recipe_id);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_parameters.c:200:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(paramname,"%s.%s",recipename,name);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_parameters.c:226:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(recipename,"xsh.%s",recipe_id);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_parameters.c:227:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(paramname,"%s.%s",recipename,name);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_parameters.c:249:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(paramname,"xsh.%s.%s",recipe_id, name);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_parameters.c:268:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(recipename,"xsh.%s",recipe_id);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_parameters.c:269:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(paramname,"%s.%s",recipename,name);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_parameters.c:288:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(recipename,"xsh.%s",recipe_id);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_parameters.c:289:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(paramname,"%s.%s",recipename,name);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_parameters.c:307:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(recipename,"xsh.%s",recipe_id);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_parameters.c:308:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(paramname,"%s.%s",recipename,name);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_parameters.c:340:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(paramname,"xsh.%s.%s",recipe_id, name);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_parameters.c:360:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(recipename,"xsh.%s",recipe_id);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_parameters.c:361:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(paramname,"%s.%s",recipename,"pre-overscan-corr");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_parameters.c:1048:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(recipename,"xsh.%s",recipe_id);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_parameters.c:1049:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(paramname,"%s.%s",recipename,"detectorder-slice-trace-method");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_parameters.c:2263:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( result->rectif_kernel, p ) ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_pfits.c:3729:3: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf( name, XSH_SLITMAP_ORDER_EDGUP, absorder);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_pfits.c:3747:3: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf( name, XSH_SLITMAP_ORDER_EDGLO, absorder);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_pfits.c:3764:3: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf( name, XSH_SLITMAP_ORDER_SLICUP, absorder);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_pfits.c:3781:3: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf( name, XSH_SLITMAP_ORDER_SLICLO, absorder);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_pfits.c:3799:3: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf( name, XSH_SLITMAP_ORDER_CEN, absorder);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_pfits.c:3984:3: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf( name, XSH_WAVEMAP_ORDER_LAMBDA_MIN, absorder);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_pfits.c:4002:3: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf( name, XSH_WAVEMAP_ORDER_LAMBDA_MAX, absorder);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_pfits_qc.c:1148:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf( real_kw, kformat, idx ) ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_prepare.c:165:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( result_name, "%s_QTH_PRE_%d.fits", prefix, i);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_prepare.c:167:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( result_name, "%s_D2_PRE_%d.fits", prefix, i);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_prepare.c:169:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( result_name, "%s_PRE_%d.fits", prefix, i);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_prepare.c:172:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( result_name, "%s_PRE_%d.fits", prefix, i);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_prepare.c:174:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( result_tag, "%s_PRE_%d", prefix, i);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_rectify.c:890:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tag,"%s_%s",rec_prefix,
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_rectify.c:1257:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( tag_drl ,"%s_DRL", tag);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_rectify.c:1258:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( res_name_drl ,"DRL_%s", res_name);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_rectify.c:1273:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( tag_drl ,"%s_TAB", tag);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_rectify.c:1274:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( res_name_drl ,"TAB_%s", res_name);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_rectify.c:1635:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tag,"%s_%s",rec_prefix,
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_rectify.c:1637:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(res_name,"%s.fits",tag);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_rectify.c:1646:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tag,"%s_%s",rec_prefix,
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_rectify.c:1648:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(res_name,"%s.fits",tag);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_rectify.c:1658:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tag,"%s_%s",rec_prefix,
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_rectify.c:1660:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(res_name,"%s.fits",tag);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_remove_crh_multi.c:465:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(result_name, "%s.fits", result_tag);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_remove_crh_multi.c:495:11: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  check(sprintf(name,"%s.fits",XSH_GET_TAG_FROM_ARM(XSH_CRH_MAP,instr)));
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_star_index.c:80:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(pret->fits_file_name, fits_file);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract.c:162:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tag,"%sON_%s",type,xsh_instrument_arm_tostring (instr));
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract.c:167:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(resultname,"%s.fits",tag);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract.c:652:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(name,"bkg_mask_%s.fits",prefix);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_nod.c:143:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( frame_name, "SUBTRACTED_NOD_AB_%d_%s.fits", i/2, arm_name);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_nod.c:151:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( frame_name, "SUBTRACTED_NOD_BA_%d_%s.fits", i/2, arm_name);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_offset.c:100:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( arm_name, "%s", xsh_instrument_arm_tostring( instrument));
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_offset.c:114:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( a_b_name ,"SKY_SUBTRACTED_OFFSET_%s_%d.fits",
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:1349:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(rname,"%s.reg",prefix);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:1350:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tname,"%s.fits",prefix);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:1502:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(rname,"%s.reg",prefix);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:1503:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tname,"%s.fits",prefix);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:5583:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tag, "%s_SUB_SKY_%s", rec_prefix,
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:5585:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fname, "%s.fits", tag);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:5755:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tag,"%s_DRL_SKY_ORD1D_%s", rec_prefix,
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:5757:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fname,"%s.fits",tag);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:5766:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( tag,"%s_SKY_ORD1D_%s", rec_prefix,
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:5768:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fname,"%s.fits",tag);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:5806:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(sky_name,"%s.fits",sky_tag);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:5828:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( result_tag, "%s_OBJ_AND_SKY_NOCRH_%s", prefix,
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:5830:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( result_name, "%s.fits", result_tag);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils.c:901:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(name_o,"%s.fits",tag);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils.c:1441:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( TempFiles[NbTemp], name);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils.c:1481:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( ProdFiles[NbProducts], name);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils.c:1668:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (result, "%s", s);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils.c:1730:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (result, "%s%s", s1, s2);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils.c:1766:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (result, "%s%s%s", s1, s2, s3);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils.c:1805:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (result, "%s%s%s%s", s1, s2, s3, s4);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils.c:1847:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (result, "%s%s%s%s%s", s1, s2, s3, s4, s5);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils.c:1893:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (result, "%s%s%s%s%s%s", s1, s2, s3, s4, s5, s6);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils.c:1941:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (result, s);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils.c:3929:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( name ,"ABS_%s", filename);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils.c:3932:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( name ,"SIGN_%s", filename);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils.c:4213:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(qc_flux_min,"%s%d%s",qc_key_prefix,i," MIN");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils.c:4214:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(qc_flux_max,"%s%d%s",qc_key_prefix,i," MAX");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils.c:4223:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(qc_flux_min,"%s%s",qc_key_prefix," MIN");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils.c:4224:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(qc_flux_max,"%s%s",qc_key_prefix," MAX");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils.c:4300:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(cmd,"mv tmp.fits %s",fname);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils.c:4301:3: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  system(cmd);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils.c:4302:3: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  system("rm -f tmp.fits");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils.c:5683:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(name_o,"%s.fits",tag_o);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_efficiency.c:455:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(prod_tag,"EFFICIENCY_%s",xsh_instrument_arm_tostring(inst));
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_efficiency.c:456:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(prod_name,"%s.fits",prod_tag);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_efficiency.c:1089:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(key_name,"%s%2d", XSH_QC_EFF_PEAK_ORD,ord);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_efficiency.c:1097:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(key_name,"%s%2d", XSH_QC_EFF_MED_ORD,ord);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_efficiency.c:1123:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tag,"EFFICIENCY_%s_%s",xsh_instrument_mode_tostring(instrument),
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_efficiency.c:1125:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fname,"%s.fits",tag);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_ifu.c:955:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tag,"TRACE_OBJ_%s",xsh_arm_tostring(arm));
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_ifu.c:956:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(name,"%s.fits",tag);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_ifu.c:1089:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(key_name,"%s_%s",prefix,"T1");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_ifu.c:1092:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(key_name,"%s_%s",prefix,"T2");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_ifu.c:1095:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(key_name,"%s_%s",prefix,"T3");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_ifu.c:1137:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(ptag,"IFU_CFG_COR_%s",xsh_instrument_arm_tostring(inst));
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_ifu.c:1138:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(pname,"%s.fits",ptag);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_ifu.c:1191:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(name_o, "%s.fits", tag);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_ifu.c:1221:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(name_o,"%s.fits",tag);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_ifu.c:1271:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tag_o,"%s_%s",XSH_IFU_MAP_SKY,xsh_instrument_arm_tostring(instrument));
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_ifu.c:1272:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(name_o,"%s.fits",tag_o); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_ifu.c:1301:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tag_o,"%s_%s","IFU_MAP_SKY_RA",xsh_instrument_arm_tostring(instrument)); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_ifu.c:1306:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tag_o,"%s_%s","IFU_MAP_SKY_DEC",xsh_instrument_arm_tostring(instrument)); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_ifu.c:1311:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tag_o,"%s_%s","IFU_MAP_SKY_AREA",xsh_instrument_arm_tostring(instrument)); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_ifu.c:1405:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(qc_key,"%s%d%d VAL",XSH_QC_FLUX,j,index); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_ifu.c:1407:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(qc_key,"%s%d VAL",XSH_QC_FLUX,j); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_ifu.c:1415:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(qc_key,"%s%d%d ERR",XSH_QC_FLUX,j,index); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_ifu.c:1417:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(qc_key,"%s%d ERR",XSH_QC_FLUX,j); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_ifu.c:1423:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(qc_key,"%s%d%d SN",XSH_QC_FLUX,j,index); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_ifu.c:1425:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. sprintf(qc_key,"%s%d SN",XSH_QC_FLUX,j); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_ifu.c:2171:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tag,"%s_ORDER3D_DATA_%s_%s",rec_prefix,qualifier, data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_ifu.c:2173:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(name,"%s.fits",tag); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_ifu.c:2220:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(name,"QC%s_%2.2d.fits",tag,ord); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_ifu.c:2229:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tag,"%s_MERGE3D_DATA_%s_%s",rec_prefix,qualifier, data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_ifu.c:2231:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(name,"%s.fits",tag); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_ifu.c:2288:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tag,"%s_MERGE3D_%s",rec_prefix,qualifier); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_ifu.c:2304:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tag,"%s_ORDER3D_DATA_%s",rec_prefix,qualifier); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_image.c:2693:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tag,"MERGE3D_TRACE_OBJ_%s_%s", data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_image.c:2695:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(fname,"%s.fits",tag); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_image.c:2773:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tag,"OBJ_POS_ORD_%s_%s", data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_image.c:2775:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(fname,"%s.fits",tag); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_image.c:2964:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(key_name,"%s_%s",XSH_QC_TRACE_FIT_C0,qualifier); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_image.c:2970:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(key_name,"%s_%s",XSH_QC_TRACE_FIT_C1,qualifier); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_image.c:2976:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(key_name,"%s_%s",XSH_QC_TRACE_FIT_C2,qualifier); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_image.c:3033:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(key_name,"%s_%s",XSH_QC_TRACE_FIT_C0,col_comp); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_image.c:3035:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(key_name,"%s_%s",XSH_QC_TRACE_FIT_C1,col_comp); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_image.c:3037:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(key_name,"%s_%s",XSH_QC_TRACE_FIT_C2,col_comp); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_image.c:3040:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(key_name,"%s_%s",XSH_QC_TRACE_FIT_C0,col_ref); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_image.c:3042:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(key_name,"%s_%s",XSH_QC_TRACE_FIT_C1,col_ref); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_image.c:3044:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(key_name,"%s_%s",XSH_QC_TRACE_FIT_C2,col_ref); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_image.c:3254:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tag,"%s_%s_TRACE_OBJ_%s", data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_image.c:3256:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(fname,"%s.fits",tag); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_image.c:4057:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(new_name,"fctx%d_fcty%d_%s",fctx,fcty,basename); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_image.c:4133:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(new_name,"fctx%d_fcty%d_%s",fctx,fcty,basename); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_image.c:4221:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(oname,"tmp_%s",fname); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_image.c:4265:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cmd,"mv %s %s",oname,fname); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_image.c:4266:12: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). 
try using a library call that implements the same functionality if available. assure(system(cmd)==0,CPL_ERROR_UNSPECIFIED,"unable to mv file"); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:328:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( ftag,"med_%s%d", type, nod_number); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:329:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(name,"%s.fits",ftag); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:515:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( ftag,"med_%s%d", type, nod_number); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:516:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(name,"%s.fits",ftag); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:555:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(fname,"tmp_%s",cpl_frame_get_filename(src)); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:710:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(fname_o,"MED_COR_%s",fname_i); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:752:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(file_name,"REC2_%s_%s",qual_name,nod_name); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:760:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(file_name,"SHIFT2_%s_%s",qual_name,nod_name); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:770:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(file_name,"REC1_FAST_%s_%s",qual_name,nod_name); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:780:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(file_name,"REC1_FAST_%s_%s",qual_name,nod_name); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:788:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(file_name,"SHIFT1_FAST_%s_%s",qual_name,nod_name); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:873:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tag,"DIV2_FLATFIELD_%s", xsh_instrument_arm_tostring(instrument)) ; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:874:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(name,"%s.fits",tag); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:896:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tag,"NOCRH_EFF_%s",xsh_instrument_arm_tostring(instrument)) ; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:983:14: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. 
file_exist=access(throw_name, F_OK); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:1040:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( str, "AB_%d_%s", i/2, xsh_instrument_arm_tostring(instrument)) ; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:1044:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( str, "BA_%d_%s", i/2, xsh_instrument_arm_tostring(instrument)) ; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:1058:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(file_tag,"SLIT_NOD_NOCRH_FF_%s", str); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:1065:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(file_name,"LOC_REC_%s.fits", str); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:1071:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( file_name,"LOCALIZE_%s.fits", str); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:1077:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(file_name,"DRL_INV_LOC_REC_%s", str); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:1082:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(file_name,"INV_LOCALIZE_%s.fits", str); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:1093:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(file_name,"SHIFT_REC_NOCRH_%s.fits", str); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:1112:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(file_name,"LOCALIZE_%s.fits", str); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:1118:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(file_name,"DRL_INV_LOC_REC_%s", str); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:1122:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(file_name,"INV_LOCALIZE_%s.fits", str); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:1543:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(arm_str,"%s",xsh_instrument_arm_tostring(inst)); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:1546:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(file_tag,"%s_%s_%s",rec_prefix,XSH_NORM_ORDER1D,arm_str); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:1548:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(file_tag,"%s_%s_%s",rec_prefix,XSH_NORM_OXT1D,arm_str); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:1551:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(file_name,"%s.fits",file_tag); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:1556:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(file_tag,"%s_%s_%s",rec_prefix,XSH_FLUX_ORDER1D,arm_str); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:1558:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(file_tag,"%s_%s_%s",rec_prefix,XSH_FLUX_OXT1D,arm_str); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:1560:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(file_name,"%s.fits",file_tag); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:1593:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(arm_str,"%s",xsh_instrument_arm_tostring(inst)); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:1595:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(file_tag,"%s_%s_%s",rec_prefix,XSH_NORM_ORDER2D,arm_str); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:1596:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(file_name,"%s.fits",file_tag); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:1601:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(file_tag,"%s_%s_%s",rec_prefix,XSH_FLUX_ORDER2D,arm_str); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:2137:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(sky_tag,"%s_TMPSKY",rec_prefix); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:2138:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(sky_name,"%s.fits",sky_tag); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:2162:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(rec_name,"%s_%s_%s.fits", data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:2232:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(wave_map_tag,"%s_%s_%s",rec_prefix,XSH_WAVE_MAP_MODEL, data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:2234:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(slit_map_tag,"%s_%s_%s",rec_prefix,XSH_SLIT_MAP_MODEL, data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:2275:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(file_tag,"%s_NORM2D_%s",prefix,xsh_instrument_arm_tostring(inst)); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:2277:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(file_tag,"%s_FLUXCAL2D_%s",prefix,xsh_instrument_arm_tostring(inst)); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:2279:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(file_tag,"%s_NORM1D_%s",prefix,xsh_instrument_arm_tostring(inst)); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:2281:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(file_tag,"%s_FLUXCAL1D_%s",prefix,xsh_instrument_arm_tostring(inst)); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:2583:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(cmd,"mv %s %s",name,tname); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:2584:6: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. system(cmd); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:2613:7: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. system(cmd); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:2727:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cmd,"mv %s %s",name,tname); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:2728:4: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. system(cmd); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:2753:4: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. system(cmd); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:2767:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cmd,"mv %s %s",name,tname); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:2768:4: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. system(cmd); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:2792:4: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. 
system(cmd); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:2852:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( arm_str, "%s", xsh_instrument_arm_tostring(instrument) ) ; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:2861:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(ftag,"%s_%s_NO_CRH_%s_%d",prefix,spec,arm_str,i) ; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:2862:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(fname,"%s.fits",ftag) ; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:2916:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( arm_str, "%s", xsh_instrument_arm_tostring(instrument) ) ; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:2920:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(ftag, "FF_%d_SLIT_OFFSET_%s", i,arm_str); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:2921:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(fname, "%s.fits", ftag); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_table.c:245:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(qc_intavg_name,"%s %s",QC_WAVECAL_INTAVG,element); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_table.c:246:4: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(comment,QC_WAVECAL_INTAVG_C); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_table.c:250:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(qc_nlinint_name,"%s %s",QC_WAVECAL_NLININT,element); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_table.c:251:4: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(comment,QC_WAVECAL_NLININT_C); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_table.c:762:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(qc_key,"ESO QC %s%d",prefix,index); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_table.c:763:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(comment,"Mean value of %s in %4.0f-%4.0f nm",prefix,ws,we); data/cpl-plugin-xshoo-3.5.0+dfsg/hdrl/hdrl_buffer.c:286:13: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. getenv("HDRL_BUFFER_MALLOC")) { data/cpl-plugin-xshoo-3.5.0+dfsg/hdrl/hdrl_utils.c:526:9: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. getenv("TMPDIR"), data/cpl-plugin-xshoo-3.5.0+dfsg/hdrl/tests/hdrl_der_snr-test.c:263:5: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand (time(NULL)); data/cpl-plugin-xshoo-3.5.0+dfsg/hdrl/tests/hdrl_spectrum1d-test.c:3098:5: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. 
srand(500); data/cpl-plugin-xshoo-3.5.0+dfsg/irplib/irplib_plugin.c:552:17: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (getenv("CPL_MSG_LEVEL") == NULL) cpl_msg_set_level(CPL_MSG_OFF); data/cpl-plugin-xshoo-3.5.0+dfsg/irplib/irplib_plugin.c:650:27: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. svalue = envvar ? getenv(envvar) : NULL; data/cpl-plugin-xshoo-3.5.0+dfsg/irplib/irplib_plugin.c:857:46: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. const char * sof_path = envname ? getenv(envname) : NULL; data/cpl-plugin-xshoo-3.5.0+dfsg/irplib/irplib_plugin.c:898:29: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. const char * sof_path = getenv(var_name); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_atrous.c:98:18: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. 
while (( opt = getopt_long (argc, argv, data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_build_cube.c:106:18: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while (( opt = getopt_long (argc, argv, "debug:help", data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_combine_nod.c:127:18: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while (( opt = getopt_long (argc, argv, Options, data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_compute_absorp.c:93:18: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while (( opt = getopt_long (argc, argv, data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_compute_response.c:90:18: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while (( opt = getopt_long (argc, argv, Options, LongOptions, data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_compute_shift_ifu.c:101:18: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while (( opt = getopt_long (argc, argv, data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_correl_gaussians.c:92:17: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. 
  while( (opt = getopt_long( argc, argv, "debug:help",
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_cpl_vector_correl_gaussians.c:91:17: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while( (opt = getopt_long( argc, argv, "debug:help",
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_create_map.c:95:17: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while( (opt = getopt_long( argc, argv, "debug:help",
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_data_cube.c:127:18: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while (( opt = getopt_long (argc, argv, Options,
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_data_order.c:109:17: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while( (opt = getopt_long( argc, argv, Options,
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_data_spectrum_merge_3d.c:106:18: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while (( opt = getopt_long (argc, argv, Options,
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_data_wave_tab_2d.c:112:17: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while( (opt = getopt_long( argc, argv, "debug:help",
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_data_wave_tab_2d_sample.c:96:17: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while( (opt = getopt_long( argc, argv, Options,
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_detect_arclines.c:127:18: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while (( opt = getopt_long (argc, argv, "half_window_size:deg_lambda:"\
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_detect_order.c:122:18: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while (( opt = getopt_long (argc, argv, Options,
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_divide_flat.c:94:18: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while (( opt = getopt_long (argc, argv, "debug:help",
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_extract.c:101:18: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while (( opt = getopt_long (argc, argv, "slit_position:slit_height:method",
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_extract_clean.c:104:18: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while (( opt = getopt_long (argc, argv, "slit_position:slit_height:method",
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_extract_clean_sym.c:105:18: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while (( opt = getopt_long (argc, argv, "slit_position:slit_height:method",
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_gaussian_fit.c:99:18: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while (( opt = getopt_long (argc, argv,
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_geom_ifu.c:126:18: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while (( opt = getopt_long (argc, argv, Options,
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_lambda_err.c:102:18: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while (( opt = getopt_long (argc, argv, "oversample:box-hsize:chunk-size",
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_localize_ifu.c:126:18: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while (( opt = getopt_long (argc, argv,
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_localize_obj.c:120:18: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while (( opt = getopt_long (argc, argv,
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_mark_tell.c:88:18: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while (( opt = getopt_long (argc, argv,
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_model_maps_create.c:111:17: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while( (opt = getopt_long( argc, argv, Options,
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_opt_extract.c:121:18: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while (( opt = getopt_long (argc, argv, "oversample:box-hsize:chunk-size",
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_rectify.c:124:18: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while (( opt = getopt_long (argc, argv, Options,
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_remove_crh_multiple.c:281:18: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while (( opt = getopt_long (argc, argv, "debug:help",
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_remove_crh_single.c:110:18: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while (( opt = getopt_long (argc, argv, "sigma_lim:f_lim",
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_slitmap.c:94:17: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while( (opt = getopt_long( argc, argv, "debug:help",
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_subtract_background.c:98:18: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while (( opt = getopt_long (argc, argv, Options,
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_subtract_bias.c:95:18: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while (( opt = getopt_long (argc, argv, "debug:help",
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_subtract_dark.c:91:18: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while (( opt = getopt_long (argc, argv, "debug:help",
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_subtract_sky_nod.c:100:17: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while( (opt = getopt_long( argc, argv, Options,
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_subtract_sky_single.c:105:17: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while( (opt = getopt_long( argc, argv, Options,
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_xcorrel_gaussians.c:93:17: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while( (opt = getopt_long( argc, argv, "debug:help",
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_model_r250.c:131:2: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand( sd );
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_model_r250.c:143:34: [3] (random) lrand48:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  r250_buffer[j] = (unsigned int)lrand48();
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils.c:114:4: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand((unsigned) time(&t));
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils.c:155:5: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand((unsigned)time(NULL));
data/cpl-plugin-xshoo-3.5.0+dfsg/hdrl/catalogue/hdrl_cat_classify.c:75:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char *g_colsfull[NCOLFULL] = {
data/cpl-plugin-xshoo-3.5.0+dfsg/hdrl/catalogue/hdrl_cat_classify.c:187:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *cols[ NCOLFULL];
data/cpl-plugin-xshoo-3.5.0+dfsg/hdrl/catalogue/hdrl_cat_classify.c:238:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char colname[32];
data/cpl-plugin-xshoo-3.5.0+dfsg/hdrl/catalogue/hdrl_cat_classify.c:239:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(colname, "Areal_%ld_profile", (long int)i + 1);
data/cpl-plugin-xshoo-3.5.0+dfsg/hdrl/catalogue/hdrl_cat_table.c:100:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char *ttype[NCOLS]={"Sequence_number","Isophotal_flux",
data/cpl-plugin-xshoo-3.5.0+dfsg/hdrl/catalogue/hdrl_cat_table.c:129:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char *tunit[NCOLS]={"Number","ADU",
data/cpl-plugin-xshoo-3.5.0+dfsg/hdrl/catalogue/hdrl_cat_table.c:209:19: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  ap_t *ap, const char *col_ellipt, const char *col_pkht,
data/cpl-plugin-xshoo-3.5.0+dfsg/hdrl/catalogue/hdrl_cat_table.c:209:43: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  ap_t *ap, const char *col_ellipt, const char *col_pkht,
data/cpl-plugin-xshoo-3.5.0+dfsg/hdrl/catalogue/hdrl_cat_table.c:210:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *col_areals[NAREAL], cpl_size nobjects, cpl_table *tab);
data/cpl-plugin-xshoo-3.5.0+dfsg/hdrl/catalogue/hdrl_cat_table.c:294:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *areal_colnames[NAREAL];
data/cpl-plugin-xshoo-3.5.0+dfsg/hdrl/catalogue/hdrl_cat_table.c:296:30: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  areal_colnames[i] = (const char *)ttype[g_areal_cols[i] - 1];
data/cpl-plugin-xshoo-3.5.0+dfsg/hdrl/catalogue/hdrl_cat_table.c:721:19: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  ap_t *ap, const char *col_ellipt, const char *col_pkht,
data/cpl-plugin-xshoo-3.5.0+dfsg/hdrl/catalogue/hdrl_cat_table.c:721:43: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  ap_t *ap, const char *col_ellipt, const char *col_pkht,
data/cpl-plugin-xshoo-3.5.0+dfsg/hdrl/catalogue/hdrl_cat_table.c:722:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *col_areals[NAREAL], cpl_size nobjects, cpl_table *tab)
data/cpl-plugin-xshoo-3.5.0+dfsg/hdrl/hdrl_collapse.c:1871:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ddst + y, dsrc, cpl_vector_get_size(src->reject_low));
data/cpl-plugin-xshoo-3.5.0+dfsg/hdrl/hdrl_collapse.c:1874:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ddst + y, dsrc, cpl_vector_get_size(src->reject_high));
data/cpl-plugin-xshoo-3.5.0+dfsg/hdrl/hdrl_utils.c:550:18: [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377).
  int fd = mkstemp(template);
data/cpl-plugin-xshoo-3.5.0+dfsg/hdrl/hdrl_utils.c:844:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ddata, sdata, naxis1 * naxis2 * sizeof(ddata[0]));
data/cpl-plugin-xshoo-3.5.0+dfsg/hdrl/hdrl_utils.c:1591:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&dstatus[i], cpl_array_get_data_int(lstatus),
data/cpl-plugin-xshoo-3.5.0+dfsg/hdrl/tests/hdrl_dar-test.c:796:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *skeys[2] = {"CTYPE1", "CTYPE2"};
data/cpl-plugin-xshoo-3.5.0+dfsg/hdrl/tests/hdrl_dar-test.c:797:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *svals[2] = {"RA---ZPN", "DEC--ZPN"};
data/cpl-plugin-xshoo-3.5.0+dfsg/hdrl/tests/hdrl_dar-test.c:802:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *dkeys[13] = {"CRVAL1", "CRVAL2", "CRPIX1", "CRPIX2",
data/cpl-plugin-xshoo-3.5.0+dfsg/hdrl/tests/hdrl_dar-test.c:813:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *ikeys[3] = {"NAXIS","NAXIS1","NAXIS2"};
data/cpl-plugin-xshoo-3.5.0+dfsg/irplib/irplib_cat.c:287:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fullname[FILENAME_SZBUF];
data/cpl-plugin-xshoo-3.5.0+dfsg/irplib/irplib_plugin.c:493:34: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  stream = is_debug ? stdout : fopen("/dev/null", "a");
data/cpl-plugin-xshoo-3.5.0+dfsg/irplib/irplib_plugin.c:655:28: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  = svalue ? atoi(svalue) : cpl_parameter_get_default_bool(p);
data/cpl-plugin-xshoo-3.5.0+dfsg/irplib/irplib_plugin.c:661:28: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  = svalue ? atoi(svalue) : cpl_parameter_get_default_int(p);
data/cpl-plugin-xshoo-3.5.0+dfsg/irplib/irplib_plugin.c:1030:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[LINE_LEN_MAX + 1];
data/cpl-plugin-xshoo-3.5.0+dfsg/irplib/irplib_plugin.c:1031:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char path[LINE_LEN_MAX + 1], group[LINE_LEN_MAX + 1], tag[LINE_LEN_MAX + 1];
data/cpl-plugin-xshoo-3.5.0+dfsg/irplib/irplib_plugin.c:1037:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(name, "r");
data/cpl-plugin-xshoo-3.5.0+dfsg/irplib/irplib_utils.c:1010:18: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  stream = fopen(rawfile, "r");
data/cpl-plugin-xshoo-3.5.0+dfsg/irplib/irplib_wlxcorr.c:973:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char title_loc[1024] ;
data/cpl-plugin-xshoo-3.5.0+dfsg/irplib/tests/irplib_utils-test.c:130:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char zero[100] = {0};
data/cpl-plugin-xshoo-3.5.0+dfsg/irplib/tests/irplib_utils-test.c:168:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[32] = "";
data/cpl-plugin-xshoo-3.5.0+dfsg/irplib/tests/irplib_utils-test.c:256:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file = fopen(filename1, "w");
data/cpl-plugin-xshoo-3.5.0+dfsg/irplib/tests/irplib_utils-test.c:260:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file = fopen(filename2, "w");
data/cpl-plugin-xshoo-3.5.0+dfsg/irplib/tests/irplib_wlxcorr-test.c:134:11: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ? fopen("/dev/null", "a") : stdout;
data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_2dmap.c:200:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char paramname[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_2dmap.c:511:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char wave_map_tag[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_2dmap.c:512:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char slit_map_tag[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_2dmap.c:515:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_2dmap.c:517:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char paramname[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_2dmap.c:525:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tag[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_2dmap.c:730:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char rtag[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_2dmap.c:731:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fout[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_2dmap.c:880:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tag,"WAVE_ON");
data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_cfg_recover.c:1248:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name_o[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_cfg_recover.c:2921:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ext_val[10];
data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_cfg_recover.c:3306:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name_o[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_flexcomp.c:195:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char paramname[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_flexcomp.c:465:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename [256];
data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_flexcomp.c:473:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char wave_map_tag[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_flexcomp.c:474:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char slit_map_tag[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_geom_ifu.c:185:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char paramname[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_geom_ifu.c:186:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char recipename[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_geom_ifu.c:602:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tag[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_geom_ifu.c:604:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char geom_prefix[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_geom_ifu.c:767:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char wave_map_tag[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_geom_ifu.c:768:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char slit_map_tag[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_lingain.c:375:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_mbias.c:445:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_mdark.c:359:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bp_map_noise_name[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_mdark.c:504:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_mdark.c:507:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char med_frame_tag[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_mdark.c:516:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pcatg[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_mdark.c:626:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(pcatg, "DARK_ON");
data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_mdark.c:634:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(pcatg, "DARK_QC");
data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_mflat.c:324:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char prefix[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_mflat.c:334:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(prefix, "FLAT_SUB_%d_", i);
data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_mflat.c:353:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(prefix, "FLAT_SUBTRACT_DARK_%d.fits", i);
data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_mflat.c:678:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname_d2[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_mflat.c:679:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname_qth[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_orderpos.c:325:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tag[128];
data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_orderpos.c:326:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[128] ;
data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_orderpos.c:478:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tag,"ORDERDEF_ON");
data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_orderpos.c:481:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tag,"ORDERDEF_ON");
data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_predict.c:200:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char paramname[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_predict.c:373:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tag[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_predict.c:411:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char paramname[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_predict.c:593:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char rtag[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_predict.c:594:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fout[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_respon_slit_nod.c:429:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char comb_tag[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_respon_slit_offset.c:427:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char file_name[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_respon_slit_offset.c:428:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char arm_str[16] ; data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_respon_slit_offset.c:429:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char file_tag[40]; data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_respon_slit_offset.c:437:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rec_prefix[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_respon_slit_offset.c:438:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sky_prefix[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_respon_slit_offset.c:439:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char sky_tag[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_respon_slit_offset.c:744:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[16] ; data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_respon_slit_offset.c:746:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( str, "%d", i ) ; data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_respon_slit_stare.c:470:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rec_name[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_respon_slit_stare.c:524:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char file_name[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_respon_slit_stare.c:525:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char file_tag[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_respon_slit_stare.c:526:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char arm_str[8] ; data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_respon_slit_stare.c:528:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prefix[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_respon_slit_stare.c:536:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sky_prefix[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_respon_slit_stare.c:564:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ftag[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_respon_slit_stare.c:565:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_scired_ifu_offset.c:173:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char paramname[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_scired_ifu_offset.c:174:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char recipename[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_scired_ifu_offset.c:526:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char file_name[256], arm_str[16] ; data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_scired_ifu_offset.c:527:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char file_tag[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_scired_ifu_offset.c:755:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[16] ; data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_scired_ifu_offset.c:757:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( str, "%d", i ) ; data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_scired_ifu_stare.c:178:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char paramname[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_scired_ifu_stare.c:179:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char recipename[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_scired_ifu_stare.c:535:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char div_tag[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_scired_ifu_stare.c:536:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prefix[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_scired_slit_nod.c:536:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char comb_tag[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_scired_slit_offset.c:453:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char file_name[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_scired_slit_offset.c:454:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char arm_str[16] ; data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_scired_slit_offset.c:455:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char file_tag[40]; data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_scired_slit_offset.c:464:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sky_prefix[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_scired_slit_offset.c:465:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sky_tag[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_scired_slit_offset.c:661:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[16] ; data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_scired_slit_offset.c:663:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf( str, "%d", i ) ; data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_scired_slit_stare.c:496:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rec_name[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_scired_slit_stare.c:557:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prefix[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_scired_slit_stare.c:558:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_scired_slit_stare.c:559:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tag[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_scired_slit_stare.c:569:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char sky_prefix[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_scired_slit_stare.c:717:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(prefix, "SCI_SUB_%d_", i); data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_scired_slit_stare.c:737:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(prefix, "SCI_%d_SUBTRACT", i); data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_util_ifu_offset.c:515:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char arm_str[16] ; data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_util_ifu_offset.c:523:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rec_prefix[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_util_ifu_offset.c:524:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sky_prefix[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_util_ifu_stare.c:500:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char rec_prefix[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_util_ifu_stare.c:503:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tag[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_util_ifu_stare.c:504:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_util_ifu_stare.c:508:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char wave_map_tag[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_util_ifu_stare.c:509:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char slit_map_tag[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_util_physmod.c:255:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char wave_map_tag[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_util_physmod.c:256:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char slit_map_tag[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_util_physmod.c:402:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char SPF_name[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_wavecal.c:480:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char file_prefix[10]; data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_wavecal.c:481:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tag[40]; data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_wavecal.c:630:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char wave_map_tag[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_wavecal.c:631:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char slit_map_tag[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_wavecal.c:710:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tag,"ARC_SLIT_ON"); data/cpl-plugin-xshoo-3.5.0+dfsg/recipes/xsh_wavecal.c:712:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tag,"ARC_IFU_ON"); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/irplib_error.c:71:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[MAX_STRING_LENGTH]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/irplib_error.c:72:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char function[MAX_STRING_LENGTH]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/irplib_error.c:75:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errormessage[MAX_STRING_LENGTH]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/irplib_error.c:76:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cplmessage[MAX_STRING_LENGTH]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/irplib_error.c:108:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char error_msg[MAX_STRING_LENGTH]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/irplib_error.c:192:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char file_cpl[MAX_STRING_LENGTH]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/irplib_error.c:193:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char func_cpl[MAX_STRING_LENGTH]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/irplib_error.c:197:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message_local[MAX_STRING_LENGTH]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-combine_flux_with_scaling.c:711:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char name[80]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-combine_flux_with_scaling.c:733:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(name,"bad_%d.fits",k); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-combine_flux_with_scaling.c:995:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[80]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-combine_flux_with_scaling.c:1000:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(fname,"orig_%d.fits",k); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-combine_flux_with_scaling.c:1003:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(fname,"scaled_%d.fits",k); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-combine_flux_with_scaling.c:1077:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[80]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-combine_flux_with_scaling.c:1097:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(name,"bpm_%d.fits",i); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-combine_flux_with_scaling.c:1117:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(name,"bpm_tot.fits"); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-combine_flux_with_scaling.c:1188:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[80]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-combine_flux_with_scaling.c:1210:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(name,"bpm_%d.fits",i); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-combine_flux_with_scaling.c:1220:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(name,"bpm_tot.fits"); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-combine_flux_with_scaling.c:1237:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(name,"chk_%d.fits",i); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-combine_flux_with_scaling.c:1301:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char name[80]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-combine_flux_with_scaling.c:1325:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(name,"bpm_%d.fits",i); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-combine_flux_with_scaling.c:1335:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(name,"bpm_tot.fits"); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-combine_flux_with_scaling.c:1352:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(name,"chk_%d.fits",i); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-combine_flux_with_scaling.c:1403:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[80]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-combine_flux_with_scaling.c:1422:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(name,"bpm_%d.fits",i); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-combine_flux_with_scaling.c:1429:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(name,"bpm_tot.fits");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-region_file.c:68:25: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
FILE* region_file = fopen( "ima.reg", "w");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-spectrum_stat.c:70:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char name1[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-tell_catalog.c:66:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char namei[180];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-tell_catalog.c:67:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char nameo[80];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-tell_catalog.c:84:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(namei,"/home/amodigli/pipelines/workspace/xshoop/xsh/tests/telluric_model_catalog_vis.fits");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-tell_catalog.c:85:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
Risk is low because the source has a constant maximum length.
sprintf(nameo,"telluric_model_catalog_vis_new.fits");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-telluric_sampling.c:70:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char name1[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-telluric_sampling.c:71:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char name2[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_atrous.c:104:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
*nscales = atoi(optarg);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_atrous.c:122:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char line[200];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_atrous.c:128:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char res_name[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_atrous.c:153:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
file = fopen( file_name, "r");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_atrous.c:157:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char col1[20];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_atrous.c:158:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char col2[20];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_atrous.c:180:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
file = fopen( res_name, "w+");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_build_cube.c:114:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
*ifu_center = atoi(optarg);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_build_cube.c:157:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
file = fopen( filename, "w+");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_build_cube.c:283:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char mergename[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_build_cube.c:300:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( mergename, "merge2d_%d.fits", k);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_combine_nod.c:175:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char name[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_combine_nod.c:230:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char name[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_combine_nod.c:252:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
datfile = fopen( name, "w");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_combine_nod.c:331:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( rectify_par.rectif_kernel, "default");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_combine_nod.c:498:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char tag[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_combine_nod.c:506:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( tag, "COMBINE_NOD%d", i);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_compute_absorp.c:99:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
*filter_hsize = atoi( optarg);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_compute_noise_map.c:130:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char fname[128] ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_compute_noise_map.c:131:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char tag[128] ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_compute_noise_map.c:137:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( fname, "noisy_%d.fits", i ) ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_compute_noise_map.c:138:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( tag, "noisy_%d", i ) ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_compute_noise_map.c:254:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char framename[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_compute_noise_map.c:255:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(framename,"frame%d.fits",i);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_compute_response.c:60:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char DbgLevel[8] ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_compute_response.c:127:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char arm_str[8] ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_create_map.c:144:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char wavemap_name[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_create_map.c:145:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char slitmap_name[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_create_map.c:207:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( wavemap_name, "model_%dx%d_WAVE_MAP", binx, biny);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_create_map.c:208:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( slitmap_name, "model_%dx%d_SLIT_MAP", binx, biny);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_create_map.c:220:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120).
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( wavemap_name, "poly_%dx%d", binx, biny);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_data_atmos_ext.c:124:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
fout = fopen( "atmos_ext.dat", "w" ) ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_data_cube.c:248:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( rectify_par.rectif_kernel, "default");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_data_order.c:89:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static char PointType[16] ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_data_order.c:90:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static char PointSize[8] ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_data_order.c:92:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static char CentralColor[32] ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_data_order.c:105:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( PointType, "cross" ) ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_data_order.c:107:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( CentralColor, "green" ) ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_data_order.c:124:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
binx = atoi(optarg);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_data_order.c:126:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
biny = atoi(optarg);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_data_order.c:207:20: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
order_tab_file = fopen( "ORDER_TAB.reg", "w");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_data_pre.c:154:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
pre_file = fopen( "BADPIXEL.reg", "w");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_data_spectrum_merge_3d.c:110:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
*zchunk_hsize = atoi( optarg);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_data_spectrum_merge_3d.c:152:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char filename[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_data_spectrum_merge_3d.c:246:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( filename, "median_profile_slitbin_%.3f.dat", cdelt2);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_data_spectrum_merge_3d.c:247:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
profil_file = fopen( filename, "w");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_data_spectrum_merge_3d.c:273:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( filename, "gaussian_fit.dat");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_data_spectrum_merge_3d.c:274:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
profil_file = fopen( filename, "w");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_data_spectrum_merge_3d.c:296:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( filename, "profile_lambda_%d.dat", zchunk_hsize);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_data_spectrum_merge_3d.c:298:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
profil_file = fopen( filename, "w");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_data_spectrum_merge_3d.c:350:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( filename, "gsl_localize_pos%d.dat", x);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_data_spectrum_merge_3d.c:351:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
profil_file = fopen( filename, "w");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_data_spectrum_order_1D.c:95:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char name[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_data_spectrum_order_1D.c:104:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( name, "spectrum1D_order%d.dat",order);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_data_spectrum_order_1D.c:106:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
datfile = fopen( name, "w");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_data_star_flux.c:124:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
fout = fopen( "star_flux.dat", "w" ) ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_data_wave_tab_2d.c:122:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
binx = atoi(optarg);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_data_wave_tab_2d.c:124:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
biny = atoi(optarg);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_data_wave_tab_2d.c:211:22: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
wave_tab_2d_file = fopen( "WAVE_TAB_2D.reg", "w");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_data_wave_tab_2d.c:212:26: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
wave_tab_2d_dat_file = fopen( "WAVE_TAB_2D.dat", "w");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_data_wave_tab_2d_sample.c:190:22: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
wave_tab_2d_file = fopen( "WAVE_TAB_2D_sample.reg", "w");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_data_wave_tab_2d_sample.c:191:26: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
wave_tab_2d_dat_file = fopen( "WAVE_TAB_2D_sample.dat", "w");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_detect_arclines.c:135:39: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
det_arc_par->fit_window_hsize = atoi(optarg);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_detect_arclines.c:138:42: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
det_arc_par->search_window_hsize = atoi(optarg);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_detect_arclines.c:141:43: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
det_arc_par->running_median_hsize = atoi(optarg);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_detect_arclines.c:144:41: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190).
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
det_arc_par->wavesol_deg_lambda = atoi(optarg);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_detect_arclines.c:147:40: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
det_arc_par->wavesol_deg_order = atoi(optarg);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_detect_arclines.c:150:39: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
det_arc_par->wavesol_deg_slit = atoi(optarg);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_detect_arclines.c:153:37: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
det_arc_par->ordertab_deg_y = atoi(optarg);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_detect_arclines.c:162:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
clip_par->niter = atoi(optarg);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_detect_line_pos2.c:197:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
const char *p[7] = { /* Parameter names */
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_detect_order.c:126:46: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
detectorder_par->search_window_hsize = atoi( optarg);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_detect_order.c:135:43: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
detectorder_par->min_order_size_x = atoi( optarg);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_detect_order.c:138:38: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
detectorder_par->chunk_hsize = atoi( optarg);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_detect_order.c:147:38: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190).
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
detectorder_par->fixed_slice = atoi( optarg);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_extract.c:164:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char name[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_extract.c:173:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( name, "extract_order%d.dat",order);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_extract.c:175:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
datfile = fopen( name, "w");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_extract.c:182:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( name, "extract_err_order%d.dat",order);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_extract.c:184:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
datfile = fopen( name, "w");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_extract_clean.c:135:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
*decode_bp=atoi(optarg);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_extract_clean.c:175:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char name[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_extract_clean.c:184:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( name, "extract_order%d.dat",order);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_extract_clean.c:186:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
datfile = fopen( name, "w");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_extract_clean.c:193:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( name, "extract_err_order%d.dat",order);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_extract_clean.c:195:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  datfile = fopen( name, "w");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_extract_clean_sym.c:136:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *decode_bp=atoi(optarg);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_gaussian_fit.c:118:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[200];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_gaussian_fit.c:123:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char res_name[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_gaussian_fit.c:157:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file = fopen( file_name, "r");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_gaussian_fit.c:161:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char col1[20];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_gaussian_fit.c:162:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char col2[20];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_gaussian_fit.c:199:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file = fopen( res_name, "w+");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_gaussian_fit.c:229:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file = fopen( res_name, "w+");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_geom_ifu.c:233:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( rectify_par.rectif_kernel, "default");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_guess.c:152:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  themap_file = fopen( "THEMAP.reg", "w");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_ifu_trace_object.c:100:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  fit_method = atoi(argv[5]);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_ifu_trace_object.c:101:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  rad_x = atoi(argv[6]);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_lambda_err.c:172:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_lambda_err.c:306:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file = fopen( name, "w");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_lambda_err.c:338:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file = fopen( name,"w");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_lambda_err.c:376:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file = fopen( name, "w");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_localize_ifu.c:132:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *smooth_hsize = atoi(optarg);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_localize_ifu.c:135:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *nscales = atoi(optarg);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_localize_ifu.c:138:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *HF_skip = atoi(optarg);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_localize_ifu.c:153:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *box_hsize = atoi( optarg);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_localize_ifu.c:162:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *deg = atoi( optarg);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_localize_ifu.c:186:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char result_name[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_localize_ifu.c:262:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( result_name, "decomp_CEN.fits");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_localize_ifu.c:265:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( result_name, "decomp_UP.fits");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_localize_ifu.c:268:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( result_name, "decomp_DOWN.fits");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_localize_ifu.c:271:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( result_name, "decomp.fits");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_localize_ifu.c:288:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  result_file = fopen("LOCALIZE_IFU.reg", "w+");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_localize_obj.c:126:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  loc_par->loc_chunk_nb = atoi(optarg);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_localize_obj.c:132:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  loc_par->loc_deg_poly = atoi(optarg);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_localize_obj.c:160:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  loc_par->niter = atoi( optarg);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_localize_obj.c:212:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  loc_regfile = fopen( "LOCALIZATION.reg", "w");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_localize_obj.c:219:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  loc_datfile = fopen( "LOCALIZATION.dat", "w");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_mark_tell.c:124:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fulldatfile = fopen("s1d_with_tell.dat","w");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_merge_ord.c:113:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fulldatfile = fopen("merge_ord.dat","w");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_model.c:96:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sof_line[200];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_model.c:117:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  sof_file = fopen( sof_name, "r");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_model.c:119:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char raw_name[200];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_model.c:120:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char raw_tag[200];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_model_maps_create.c:99:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char mode[32] ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_model_maps_create.c:109:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( mode, "SLIT" ) ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_model_maps_create.c:115:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190).
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  binx = atoi(optarg);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_model_maps_create.c:117:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  biny = atoi(optarg);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_model_maps_create.c:146:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sof_line[200];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_model_maps_create.c:177:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  sof_file = fopen( sof_name, "r");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_model_maps_create.c:180:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char raw_name[200];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_model_maps_create.c:181:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char raw_tag[200];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_opt_extract.c:126:37: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  opt_extract_par->oversample = atoi( optarg);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_opt_extract.c:129:36: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  opt_extract_par->box_hsize = atoi( optarg);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_opt_extract.c:132:37: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  opt_extract_par->chunk_size = atoi( optarg);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_opt_extract.c:144:37: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  opt_extract_par->clip_niter = atoi( optarg);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_opt_extract.c:147:32: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190).
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  opt_extract_par->niter = atoi( optarg);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_paf_save.c:62:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  k = sprintf( to, "grep --quiet '" ) ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_paf_save.c:147:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cmd[128] ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_prepare.c:119:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char framename[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_prepare.c:121:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(framename,"frame%d.fits",i);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_rectify.c:243:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( rectify_par.rectif_kernel, "default");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_remove_crh_multiple.c:138:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char iname[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_remove_crh_multiple.c:160:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( iname, "test_crh_%02d.fits", i ) ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_remove_crh_multiple.c:330:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sof_name[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_remove_crh_multiple.c:331:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char crh_tag[64] ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_remove_crh_multiple.c:386:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( crh_tag, "test_remove_crh" ) ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_remove_crh_single.c:157:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_remove_crh_single.c:158:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sof_name[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_remove_crh_single.c:159:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char res_name[64] ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_remove_crh_single.c:212:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(name, "remove_crh_single_sci_UVB.fits");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_resid_tab.c:137:24: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  resid_tab_the_file = fopen( "RESID_TAB.reg", "w");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_sky_lines_sampling.c:254:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
  memcpy(d2y, ybin, nbins * sizeof(double));
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_sky_lines_sampling.c:262:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(yvar, ysig, nbins * sizeof(double));
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_spectrum_detect_lines.c:110:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_spectrum_detect_lines.c:135:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  niter=atoi(argv[4]);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_spectrum_detect_lines.c:138:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  smwidth=atoi(argv[7]);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_subtract_background.c:102:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  backg_par->sampley = atoi( optarg);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_subtract_background.c:105:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  backg_par->radius_x = atoi( optarg);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_subtract_background.c:108:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  backg_par->radius_y = atoi( optarg);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_subtract_bias.c:185:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char framename[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_subtract_bias.c:187:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(framename,"frame%d.fits",i);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_subtract_dark.c:179:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char framename[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_subtract_dark.c:181:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(framename,"frame%d.fits",i);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_subtract_sky_nod.c:80:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char PointType[16] ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_subtract_sky_nod.c:81:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char PointSize[8] ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_subtract_sky_nod.c:83:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char CentralColor[32] ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_subtract_sky_nod.c:96:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( PointType, "cross" ) ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_subtract_sky_nod.c:98:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( CentralColor, "green" ) ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_the_map.c:120:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  themap_file = fopen( "THEMAP.reg", "w");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_wavecal_fwhm.c:127:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fwhm_file = fopen( fwhm_name, "r");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_wavecal_fwhm.c:128:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  res_file = fopen( "fwhm_full.dat", "w+");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_wavecal_fwhm.c:131:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[200];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/tests.c:580:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sof_line[200];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/tests.c:586:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  sof_file = fopen( sof_name, "r");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/tests.c:591:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[200];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/tests.c:592:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tag[200];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_badpixelmap.c:114:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bname[40];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_badpixelmap.c:115:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char btag[40];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_badpixelmap.c:1150:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_badpixelmap.c:1151:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tag[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_badpixelmap.c:1211:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_badpixelmap.c:1212:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tag[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_badpixelmap.c:1660:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name_o[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_baryvel.c:75:39: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static void compxy(double inputr[19], char inputc[4],
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_baryvel.c:270:27: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  compxy(double inputr[19], char inputc[4],
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_baryvel.c:303:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char inpsgn[4];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_blaze.c:149:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char blaze_name[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_blaze.c:150:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char blaze_tag[16];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_blaze.c:267:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_blaze.c:269:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf(filename, "blaze_%d.dat",absorder);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_blaze.c:270:18: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  regdebug = fopen(filename,"w");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_combine_nod.c:508:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[80];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_combine_nod.c:509:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fname,"scale_factors_obj_%d.fits",no);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_combine_nod.c:556:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[80];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_combine_nod.c:557:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fname,"scale_factors_slices_%d.fits",no);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_combine_nod.c:718:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[80];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_combine_nod.c:719:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fname,"scale_factors_pix_pix_%d.fits",no);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_combine_nod.c:757:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cname[8];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_combine_nod.c:760:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(cname,"f%d",i);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_combine_nod.c:781:6: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(cname,"f%d",nf);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_combine_nod.c:797:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[80];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_combine_nod.c:798:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fname,"bad_pix_ord_%d.fits",no);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_combine_nod.c:853:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[80];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_combine_nod.c:958:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fname,"data_rectified_order_%d.fits",no);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_combine_nod.c:960:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fname,"qual_rectified_order_%d.fits",no);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_combine_nod.c:963:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fname,"scale_rectified_order_%d.fits",no);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_combine_nod.c:1166:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[80];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_combine_nod.c:1174:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fname,"data_%d.fits",nf);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_combine_nod.c:1222:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fname,"data_%d.fits",nf);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_combine_nod.c:1354:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[80];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_combine_nod.c:1399:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(name,"input_resampled_shifted_%d.fits",nf);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_combine_nod.c:1433:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[80];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_combine_nod.c:1436:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fname,"list_%d.fits",nf);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_combine_nod.c:1566:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fname,"ima_bp_%d.fits",no);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_combine_nod.c:1570:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fname,"tab_bp_%d.fits",no);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_combine_nod.c:1624:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[80];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_combine_nod.c:1634:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fname,"ima_bp_%d.fits",no);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_combine_nod.c:1640:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fname,"tab_bp_%d.fits",no);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_combine_nod.c:1682:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cname[80];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_combine_nod.c:1730:6: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(cname,"f%d",nf);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_combine_nod.c:1782:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fname,"ima_cor_%d.fits",no);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_combine_nod.c:1816:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[80];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_combine_nod.c:1826:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fname,"ima_bp_%d.fits",no);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_combine_nod.c:1830:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fname,"tab_bp_%d.fits",no);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_combine_nod.c:2065:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[80];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_combine_nod.c:2068:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(name,"input_resampled_%d.fits",i);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_combine_nod.c:2126:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( dnew, dold, nlambda*sizeof( double));
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_combine_nod.c:2129:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( dslit, result_slit, nslit*sizeof( float));
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_compute_absorp.c:169:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mask_name[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_compute_absorp.c:170:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tag[16];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_compute_absorp.c:310:18: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  debug_file = fopen( "out.dat", "w+");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_compute_absorp.c:328:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( mask_name, "TELL_MASK.fits");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_compute_linearity.c:165:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char outname[128] ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_compute_linearity.c:168:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( outname, "linear_sub_set_%d.fits", i ) ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_compute_linearity.c:803:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bpmapFname[132] ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_compute_noise_map.c:73:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fout = fopen( fname, "w" ) ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_compute_noise_map.c:322:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char result_name[256] ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_compute_noise_map.c:324:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char noisy_name[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_compute_response.c:564:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fout = fopen( "summed.dat", "w" ) ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_compute_response.c:571:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fout = fopen( "response.dat", "w" ) ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_compute_response.c:578:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fout = fopen( "spectrum.dat", "w" ) ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_compute_response.c:583:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fout = fopen( "star.dat", "w" ) ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_compute_response.c:3189:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char resp_obs_std_star_fname[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_compute_response.c:3479:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tag[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_compute_response.c:3480:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_compute_response.c:3537:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tag[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_compute_response.c:3538:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_compute_response.c:3724:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tag[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_compute_response.c:3725:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_compute_slice_dist.c:83:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_compute_slice_dist.c:194:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tablename[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_compute_slice_dist.c:351:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_compute_slice_dist.c:362:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tag[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_create_master.c:642:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mdark_name[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_create_master.c:643:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mdark_tag[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_create_master.c:1203:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char result_name[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_create_master.c:1327:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mastername[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_create_master.c:2281:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mflat_name[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_create_master.c:2282:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mflat_tag[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_create_order_table.c:97:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_create_order_table.c:189:19: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  debug_out = fopen("predict_cen_points.log","w");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_create_order_table.c:195:19: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  debug_out = fopen("predict_cen.log","w");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_create_wavemap.c:84:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char wavemap_tag[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_create_wavemap.c:85:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char slitmap_tag[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_create_wavemap.c:224:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char wm_name[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_create_wavemap.c:315:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  test = fopen( "wavemap_grid.log", "w");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_create_wavemap.c:404:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char wm_tag[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_create_wavemap.c:405:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char wm_name[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_create_wavemap.c:500:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  test = fopen( "wavemap_grid.log", "w");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_create_wavemap.c:576:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char qc_wlen[40];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_create_wavemap.c:666:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char qc_line[40]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_atmos_ext.c:84:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if((fout=fopen(filename,"w"))==NULL) { data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_dispersol.c:123:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char coefname[20]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_dispersol.c:159:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(coefname,"C%d%d",k,l); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_dispersol.c:276:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_dispersol.c:485:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char filename[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_dispersol.c:784:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char coefname[20]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_dispersol.c:788:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_dispersol.c:813:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(coefname,"C%d%d",i,j); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_dispersol.c:839:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(coefname,"C%d%d",j,k); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_image_3d.c:78:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[2] ; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_image_3d.c:280:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy( p_pix, cpl_image_get_data( img ), img_size*elem_size ) ; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_instrument.c:107:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( new, old, sizeof( xsh_instrument ) ) ; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_instrument.c:109:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( new->config, old->config, sizeof( XSH_INSTRCONFIG ) ) ; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_localization.c:122:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char colname[32]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_localization.c:217:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char colname[32] ; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_order.c:73:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). else fout = fopen( fname, "w" ) ; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_order.c:240:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char colname[32] ; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_order.c:798:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char colname[32] ; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_pre.c:84:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cor_fname[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_pre.c:1088:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_pre.c:1490:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_pre.c:2768:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char name_o[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_rec.c:73:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fout = fopen( fname, "w" ) ; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_rec.c:251:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( fnew, fold, nlambda*nslit*sizeof( float ) ) ; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_rec.c:255:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( fnew, fold, nlambda*nslit*sizeof( float ) ) ; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_rec.c:259:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( inew, iold, nlambda*nslit*sizeof( int ) ) ; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_rec.c:263:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( fnew, fold, nslit*sizeof( float ) ) ; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_rec.c:267:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( dnew, dold, nlambda*sizeof( double ) ) ; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_rec.c:720:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char fname[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_rec.c:1469:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data_extname[20]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_rec.c:1470:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errs_extname[20]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_rec.c:1471:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char qual_extname[20]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_rec.c:1548:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(data_extname,"ORD%d_FLUX",order); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_rec.c:1549:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(errs_extname,"ORD%d_ERRS",order); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_rec.c:1550:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(qual_extname,"ORD%d_QUAL",order); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_rec.c:1638:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data_extname[20]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_rec.c:1639:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errs_extname[20]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_rec.c:1640:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char qual_extname[20]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_rec.c:1747:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(data_extname,"ORD%d_FLUX",order); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_rec.c:1748:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(errs_extname,"ORD%d_ERRS",order); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_rec.c:1749:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(qual_extname,"ORD%d_QUAL",order); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_resid_tab.c:679:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). logfile = fopen(filename,"w"); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_shift_tab.c:140:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_spectralformat.c:74:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). else fout = fopen( fname, "w" ) ; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_spectralformat.h:58:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lamp[8]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_spectrum.c:913:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char oname[128]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_spectrum.c:922:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmd[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_spectrum.c:977:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char oname[128]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_spectrum.c:987:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmd[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_spectrum1D.c:382:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char comment[40]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_spectrum1D.c:383:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char qc_key[20]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_spectrum1D.c:405:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(comment,"Flux in %4.0f-%4.0f nm",ws,we); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_spectrum1D.c:421:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(comment,"Error Flux in %4.0f-%4.0f nm",ws,we); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_spectrum1D.c:435:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(comment,"SNR in %4.0f-%4.0f nm",ws,we); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_star_flux.c:318:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if((fout=fopen(filename,"w"))==NULL) { data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_star_flux.c:490:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result->lambda,list->lambda,size*sizeof(double)); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_star_flux.c:491:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result->flux,list->flux,size*sizeof(double)); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_wavemap.c:78:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
else fout = fopen( fname, "w" ) ; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_wavemap.c:418:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( vx, &(xpos[i_minus_ordersize]), ordersize*sizeof(double)); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_wavemap.c:421:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( vy, &(ypos[i_minus_ordersize]), ordersize*sizeof(double)); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_wavemap.c:424:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( vl, &(vlambda[i_minus_ordersize]), ordersize*sizeof(double) ) ; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_wavemap.c:427:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( vs, &( vslit[i_minus_ordersize]), ordersize*sizeof(double) ) ; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_wavemap.c:533:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( vx, &(xpos[i-ordersize]), ordersize*sizeof(double)); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_wavemap.c:536:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( vy, &(ypos[i-ordersize]), ordersize*sizeof(double)); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_wavemap.c:539:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy( vl, &(vlambda[i-ordersize]), ordersize*sizeof(double) ) ; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_wavemap.c:841:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(fname,"sky_model_ord_%2.2d_slice_%2.2d_iter_%2.2d.fits",abs_ord,sid,iter); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_wavemap.c:844:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(fname,"sky_fit_ord_%2.2d_slice_%2.2d_iter_%2.2d.fits",abs_ord,sid,iter); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_wavemap.c:847:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(fname,"sky_wmap_%2.2d.fits",iter); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_wavemap.c:849:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(fname,"sky_smap_%2.2d.fits",iter); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_wavemap.c:936:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(fname,"object_model_%2.2d.fits",iter); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_wavemap.c:942:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(fname,"object_smap_%2.2d.fits",iter); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_wavesol.c:754:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char coefname[20]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_wavesol.c:801:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(coefname,"C%d%d%d",i,j,k); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_wavesol.c:921:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char coefname[16] ; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_wavesol.c:928:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( coefname, "C%d%d%d", i, j, k ) ; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_data_wavesol.c:963:31: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ( fname != NULL ) fout = fopen( fname, "w" ) ; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_arclines.c:556:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char wave_table_name[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_arclines.c:575:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_arclines.c:576:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rname[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_arclines.c:577:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rtag[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_arclines.c:580:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dpr_type[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_arclines.c:581:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char type[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_arclines.c:587:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char new_name[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_arclines.c:588:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char basename[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_arclines.c:625:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(type,"FMTCHK_"); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_arclines.c:627:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(type,"WAVE_"); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_arclines.c:629:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(type,"ARC_"); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_arclines.c:1455:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char wave_table_name[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_arclines.c:1474:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_arclines.c:1475:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rname[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_arclines.c:1476:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rtag[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_arclines.c:1479:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dpr_type[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_arclines.c:1480:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char type[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_arclines.c:1486:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char new_name[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_arclines.c:1487:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char basename[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_arclines.c:1525:4: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(type,"FMTCHK_");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_arclines.c:1527:4: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(type,"WAVE_");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_arclines.c:1529:4: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(type,"ARC_");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_arclines.c:1662:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  regfile = fopen( "FIT.reg", "w");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_arclines.c:1668:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  regfile = fopen( "NOFIT.reg", "w");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_arclines.c:1838:18: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  regfile = fopen( fit, "a");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_arclines.c:1889:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sn_name[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_arclines.c:1897:12: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( sn_name, "bad_sn_%.3f.reg", da->min_sn);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_arclines.c:1898:22: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  regfile = fopen( sn_name, "a");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_continuum.c:226:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dirname1[128], dirname2[128], fname[256], cmd[256] ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_continuum.c:241:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fout = fopen( fname, "w" ) ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_continuum.c:268:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char logname[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_continuum.c:272:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char frame_name[256] ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_continuum.c:273:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tag[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_continuum.c:281:18: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ( (flog = fopen( logname, "w" ) ) == NULL )
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_continuum.c:714:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char debug_name[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_continuum.c:717:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(debug_name, "centroid_%d.reg", list->list[i].absorder);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_continuum.c:719:20: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  debug_file = fopen( debug_name, "w");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_continuum.c:994:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char frame_name[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_continuum.c:995:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tag[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_order.c:88:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name_t[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_order.c:1260:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char openmode[2];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_order.c:1268:18: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  debug_out = fopen(fname, openmode);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_order.c:1277:20: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  debug_out = fopen(fname, openmode);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detmon_lg.c:4945:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char kname[300];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_dfs.c:942:11: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fo=fopen(filename,"r"))==NULL) {
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_dfs.c:1542:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tag[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_dfs.c:1543:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_dfs.c:1970:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char product_id[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_dfs.c:2075:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char product_id[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_dfs.c:2079:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cmd[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_dfs.c:2253:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char product_id[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_dfs.c:2372:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char product_id[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_dfs.c:2576:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cmd[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_dfs.c:2718:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cmd[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_dfs.c:3032:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *tags[2] ={NULL,NULL};
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_dfs.c:3062:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *tags[2];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_dfs.c:3117:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *tags[2];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_dfs.c:3139:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *tags[2];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_dfs.c:3181:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *tags[2] = {NULL, NULL};
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_dfs.c:3203:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *tags[2] = {NULL, NULL};
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_dfs.c:3233:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *tags[2] = {NULL, NULL};
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_dfs.c:3258:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *tags[2] = {NULL, NULL};
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_dfs.c:3283:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *tags[2] = {NULL, NULL};
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_dfs.c:3308:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *tags[3] = {NULL, NULL};
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_dfs.c:3338:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *tags[2] = {NULL, NULL};
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_dfs.c:3363:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *tags[2] = {NULL, NULL};
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_dfs.c:3387:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *tags[3] = {NULL, NULL, NULL};
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_dfs.c:3413:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *tags[4] = {NULL, NULL};
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_dfs.c:3441:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *tags[4] = {NULL, NULL};
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_dfs.c:3469:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char * tags[3] = { NULL, NULL, NULL} ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_dfs.c:3546:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *tags[2] = {NULL, NULL};
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_dfs.c:3595:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *tags[2] = {NULL, NULL};
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_dfs.c:3621:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *tags[2] = {NULL, NULL};
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_dfs.c:3645:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *tags[2] = {NULL, NULL};
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_dfs.c:3670:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *tags[2] = {NULL, NULL};
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_dfs.c:3697:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *tags[2] ={NULL,NULL};
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_dfs.c:3718:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *tags[4] ={NULL,NULL, NULL,NULL};
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_dfs.c:3780:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *tags[3] ={NULL,NULL};
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_dfs.c:4237:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char new_name[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_dfs.c:4514:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char new_name[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_dfs.c:4786:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tag[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_dfs.c:4974:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char value[10];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_divide.c:83:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_drl_check.c:63:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tag_ou[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_drl_check.c:64:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_drl_check.c:210:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char wave_map_tag[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_drl_check.c:211:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char slit_map_tag[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_drl_check.c:310:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char rmbias_tag[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_drl_check.c:350:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char result_name[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_drl_check.c:389:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char result_tag[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_drl_check.c:427:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char result_tag[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_drl_check.c:428:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char result_name[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_drl_check.c:495:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char result_tag[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_drl_check.c:496:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char result_name[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_extract.c:753:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char prof_name[80];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_extract.c:754:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(prof_name,"prof_ord_%d.fits",i);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_extract.c:756:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(prof_name,"flux_ord_%d.fits",i);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_extract.c:758:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(prof_name,"res_ord_%d.fits",i);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_extract.c:809:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tag[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_extract.c:838:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tag[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_extract.c:887:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tag[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_flat_merge.c:255:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char file_name[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_flat_merge.c:256:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char file_tag[25];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_flat_merge.c:528:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char file_name[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_flat_merge.c:529:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char file_tag[25];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_flexcor.c:101:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char result_name[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_flexcor.c:364:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char thename[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_follow_arclines.c:196:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_follow_arclines.c:200:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( name, "profil_%d_%f_%f.dat", ordnum, lambda, xpix);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_follow_arclines.c:202:20: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  debug_file = fopen( name, "w");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_follow_arclines.c:457:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_follow_arclines.c:460:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( name, "fwhm_%d_%f.dat", ordnum, lambda);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_follow_arclines.c:463:27: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fwhm_debug_file = fopen( name, "w");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_follow_arclines.c:469:27: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fwhm_debug_file = fopen( name, fwhm_debug_mode);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_follow_arclines.c:1015:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tag[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_follow_arclines.c:1016:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_follow_arclines.c:1350:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tag_id[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_format.c:164:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tag[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_format.c:165:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pcatg[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_format.c:484:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pcatg[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_format.c:485:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char result_name[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_ifu.c:79:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char result_name[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_localize_obj.c:232:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_localize_obj.c:460:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mask_name[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_localize_obj.c:463:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( mask_name, "skymask.reg");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_localize_obj.c:464:19: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  mask_file = fopen( mask_name, "w");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_localize_obj.c:540:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char coadd_name[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_localize_obj.c:545:20: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  coadd_file = fopen( coadd_name, "w");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_localize_obj.c:711:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char debug_name[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_localize_obj.c:716:18: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  debug_file = fopen( debug_name, "w");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_localize_obj.c:921:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_localize_obj.c:1063:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tablename[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_localize_obj.c:1182:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mask_name[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_localize_obj.c:1185:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
Risk is low because the source has a constant maximum length. sprintf( mask_name, "skymask.reg"); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_localize_obj.c:1186:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). mask_file = fopen( mask_name, "w"); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_localize_obj.c:1314:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char test_name[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_localize_obj.c:1321:20: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). test_file = fopen( test_name, "w+"); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_localize_obj.c:1333:20: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). test_file = fopen( test_name, "w+"); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_localize_obj.c:1409:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char test_name[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_localize_obj.c:1415:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). test_file = fopen( test_name, "w"); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_localize_obj.c:1534:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_merge_ord.c:457:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tag[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_model_anneal.c:233:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). measfile=fopen(datname,"r"); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_model_anneal.c:261:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char oneline[200]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_model_anneal.c:267:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if((myfile=fopen((char*)filename,"r"))==NULL){ data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_model_io.c:488:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[10]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_model_io.c:490:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(temp,"slit[%d]",islit); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_model_io.c:578:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tempstr[10]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_model_io.c:1224:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tempstr,"slit[%d]",kk); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_model_io.c:1294:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char tempstr[10]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_model_io.c:1412:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tempstr, "slit[%d]", j) ; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_model_io.c:1526:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tempstr[10]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_model_io.c:1530:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). tempcfg=fopen("xsh_temp.cfg","w"); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_model_io.c:1628:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tempstr, "slit[%d]", jj) ; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_model_kernel.c:1135:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). p_ref_ind_file=fopen(ref_ind_file,"r"); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_model_kernel.c:2108:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char filename[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_model_kernel.c:2431:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(filename, "tab_xy_%2.2d.fits", morder_cnt); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_model_kernel.c:2726:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). trace_out=fopen("trace.dat","w"); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_model_kernel.c:3042:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tab_filename2[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_model_kernel.c:3707:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char out_cfg_filename[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_model_kernel.c:5469:31: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if ( NULL == (file_list = fopen (name_i, "r" ) ) ) data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_model_kernel.c:5499:31: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ( NULL == (file_list = fopen (name_i, "r" ) ) ) data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_model_kernel.c:5828:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name_o[512] ; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_model_kernel.c:5932:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[32] ; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_model_kernel.c:5938:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fgnu = fopen( gnuname, "w" ) ; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_model_kernel.c:5946:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
fout = fopen( fname, "w" ) ; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_model_kernel.c:5963:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). freg = fopen( "order_create.reg", "w" ) ; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_model_kernel.c:6134:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_model_kernel.h:70:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[20]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_model_metric.c:543:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tempstr[10]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_model_metric.c:729:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tempstr,"slit[%d]",kk); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_model_r250.c:249:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). nmr_bins = atoi( argv[1] ); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_model_r250.c:256:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). seed = atoi( argv[2] ); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_model_utils.c:72:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char THE_filename[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_model_utils.c:271:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char local_cfg_name[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_msg.c:139:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char printbuffer[MAXSTRINGLENGTH]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_multiply.c:85:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char filename[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_opt_extract.c:209:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char poly_name[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_opt_extract.c:214:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( poly_name, "gaussian_center_poly_%d.dat", abs_order); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_opt_extract.c:215:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). poly_file = fopen( poly_name, "w"); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_opt_extract.c:223:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( poly_name, "gaussian_sigma_poly_%d.dat", abs_order); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_opt_extract.c:224:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). poly_file = fopen( poly_name, "w"); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_opt_extract.c:802:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char filename[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_opt_extract.c:804:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(filename, "gaussian_points_%d.dat",i); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_opt_extract.c:805:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). regdebug = fopen(filename,"w"); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_opt_extract.c:1469:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char std_spectrum_name[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_opt_extract.c:1472:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( std_spectrum_name, "n.dat"); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_opt_extract.c:1473:27: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). std_spectrum_file = fopen( std_spectrum_name, "w"); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_opt_extract.c:1482:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf( std_spectrum_name, "rejfrac.dat"); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_opt_extract.c:1483:27: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). std_spectrum_file = fopen( std_spectrum_name, "w"); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_opt_extract.c:1728:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char debug_name[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_opt_extract.c:1730:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( debug_name, "pixel_size_%d.dat", absorder); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_opt_extract.c:1733:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). debug_file = fopen( debug_name, "w"); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_opt_extract.c:1752:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char debug_name[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_opt_extract.c:1754:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf( debug_name, "integrate_flux_%d.dat", absorder); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_opt_extract.c:1757:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). debug_file = fopen( debug_name, "w"); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_opt_extract.c:1990:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tag_drl[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_opt_extract.c:1991:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tag[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_opt_extract.c:1993:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_opt_extract.c:1994:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char filename_drl[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_opt_extract.c:2008:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char qc_extname[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_opt_extract.c:2010:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char qc_subextract_name[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_opt_extract.c:2011:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char qc_s2ddiv1d_name[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_opt_extract.c:2012:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char qc_model_name[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_opt_extract.c:2013:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char qc_weight_name[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_opt_extract.c:2143:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char test_name[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_opt_extract.c:2151:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( test_name, "poly%dx%d_lambda_range_%d.dat", binx, biny, abs_order); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_opt_extract.c:2154:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( test_name, "model%dx%d_lambda_range_%d.dat", binx, biny, abs_order); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_opt_extract.c:2157:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). test_file = fopen( test_name, "w"); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_opt_extract.c:2331:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { char name[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_opt_extract.c:2332:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf( name, "extract_%d.fits", abs_order); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_opt_extract.c:2336:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( name, "extract_errs_%d.fits", abs_order); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_opt_extract.c:2339:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( name, "extract_qual_%d.fits", abs_order); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_opt_extract.c:2352:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { char name[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_opt_extract.c:2354:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( name, "extract_x_%d.fits", abs_order); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_opt_extract.c:2357:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( name, "extract_y_%d.fits", abs_order); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_opt_extract.c:2373:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( qc_subextract_name, "sub_extract.fits"); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_opt_extract.c:2375:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf( qc_extname, "ORD%d_FLUX", abs_order); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_opt_extract.c:2380:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( qc_extname, "ORD%d_ERRS", abs_order); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_opt_extract.c:2385:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( qc_extname, "ORD%d_QUAL", abs_order); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_opt_extract.c:2399:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { char name[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_opt_extract.c:2401:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( name, "sub_x_%d.fits", abs_order); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_opt_extract.c:2404:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( name, "sub_y_%d.fits", abs_order); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_opt_extract.c:2419:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
  char std_spectrum_name[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_opt_extract.c:2423:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( std_spectrum_name, "extract_std_%d.dat", abs_order);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_opt_extract.c:2424:27: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  std_spectrum_file = fopen( std_spectrum_name, "w");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_opt_extract.c:2464:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( qc_s2ddiv1d_name, "s2Dby1D.fits");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_opt_extract.c:2465:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( qc_extname, "ORD%d_FLUX", abs_order);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_opt_extract.c:2469:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( qc_extname, "ORD%d_ERRS", abs_order);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_opt_extract.c:2478:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( qc_model_name, "model.fits");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_opt_extract.c:2479:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
Risk is low because the source has a constant maximum length.
  sprintf( qc_extname, "ORD%d_FLUX", abs_order);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_opt_extract.c:2494:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( qc_weight_name, "weight.fits");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_opt_extract.c:2495:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( qc_extname, "ORD%d_FLUX", abs_order);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_opt_extract.c:2520:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char std_spectrum_name[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_opt_extract.c:2524:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( std_spectrum_name, "spectrum_divbyblaze_std_%d.dat", abs_order);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_opt_extract.c:2525:27: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  std_spectrum_file = fopen( std_spectrum_name, "w");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_opt_extract.c:2565:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char std_spectrum_name[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_opt_extract.c:2568:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( std_spectrum_name, "spectrum_std_%d.dat", abs_order);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_opt_extract.c:2569:27: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  std_spectrum_file = fopen( std_spectrum_name, "w");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_opt_extract.c:2586:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( std_spectrum_name, "spectrum_opt_%d.dat", abs_order);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_opt_extract.c:2587:27: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  std_spectrum_file = fopen( std_spectrum_name, "w");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_paf_save.c:158:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char kformat[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_paf_save.c:166:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( pm, "%d" ) ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_paf_save.c:172:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char curname[256] ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_paf_save.c:253:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  paf = fopen(filename, "w");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_parameters.c:53:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char paramname[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_parameters.c:54:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char recipename[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_parameters.c:76:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char paramname[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_parameters.c:77:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char recipename[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_parameters.c:123:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char paramname[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_parameters.c:124:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char recipename[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_parameters.c:146:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char paramname[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_parameters.c:147:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char recipename[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_parameters.c:169:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char paramname[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_parameters.c:170:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char recipename[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_parameters.c:194:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char paramname[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_parameters.c:195:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char recipename[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_parameters.c:221:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char paramname[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_parameters.c:222:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char recipename[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_parameters.c:245:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char paramname[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_parameters.c:263:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char paramname[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_parameters.c:264:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char recipename[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_parameters.c:284:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char paramname[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_parameters.c:285:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char recipename[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_parameters.c:302:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char paramname[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_parameters.c:303:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char recipename[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_parameters.c:337:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char paramname[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_parameters.c:353:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char paramname[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_parameters.c:354:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char recipename[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_parameters.c:995:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char paramname[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_parameters.c:996:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char recipename[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_parameters.c:2172:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ker_comment[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_parameters.c:2177:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( ker_comment,
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_parameters.c:3458:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  check(ivalue=atoi(cpl_table_get_string(tab,"param_value",i)));
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_parameters.c:3474:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  bvalue=atoi(cpl_table_get_string(tab,"param_value",i));
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_parameters.h:209:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char rectif_kernel[16] ; /**< Interpolation kernel used.
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_pfits.c:3727:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_pfits.c:3745:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_pfits.c:3762:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_pfits.c:3779:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_pfits.c:3797:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_pfits.c:3982:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_pfits.c:4000:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_pfits_qc.c:1115:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char real_kw[32] ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_pfits_qc.c:1135:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char kformat[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_pfits_qc.c:1142:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( pm, "%d" ) ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_prepare.c:131:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char result_name[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_prepare.c:132:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char result_tag[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_rectify.c:488:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char shift_name[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_rectify.c:490:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( shift_name, "shift_%d_%.1f_%.1f.dat", order, slit_min, slit_max);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_rectify.c:491:20: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  shift_file = fopen( shift_name, "w+");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_rectify.c:547:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char recfile_name[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_rectify.c:549:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( recfile_name, "rec_%d_%.1f_%.1f.dat", order, slit_min ,slit_max);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_rectify.c:550:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  rec_file = fopen( recfile_name, "w+");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_rectify.c:884:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tag[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_rectify.c:1108:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tag_drl[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_rectify.c:1109:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char res_name_drl[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_rectify.c:1621:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tag[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_rectify.c:1622:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char res_name[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_remove_crh_multi.c:365:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_remove_crh_multi.c:366:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char result_name[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract.c:133:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char resultname[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract.c:136:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tag[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract.c:201:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char resultname[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract.c:223:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(resultname, "ON-OFF_%d.fits",i);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract.c:651:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_nod.c:138:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char frame_name[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_offset.c:87:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char arm_name[16] ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_offset.c:104:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char a_b_name[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:364:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[128];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:507:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fname, "outlier1d_ord_%02d_iter_%02d.reg", order,iter);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:508:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fout = fopen(fname, "w");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:531:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fname,"outlier1d_order_%02d_iter_%02d.fits",order,iter);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:774:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fname, "outlier1d_ord_%02d_iter_%02d.reg", order,iter);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:775:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fout = fopen(fname, "w");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:806:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fname,"outlier1d_order_%02d_iter_%02d.fits",order,iter);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:820:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fname,"tab_clean_order_%02d_iter_%02d.fits",order,iter);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:879:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fname, "outlier1d_ord_%02d_slice_%02d_order_%02d.reg",
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:881:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fout = fopen(fname, "w");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:922:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fname,"outlier1d_order_%02d_slice_%02d_iter_%02d.fits", data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:939:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(fname,"tab_clean_order_%02d_slice_%02d_iter_%02d.fits", data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:1010:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(fname, "sky_fit_%02d_%02d.dat", order,iter); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:1011:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fout = fopen(fname, "w"); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:1040:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(fname,"sky_fit_%02d_%02d.fits",order,iter); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:1150:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fout = fopen(fname, "w"); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:1251:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char rname[80]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:1252:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tname[80]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:1482:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rname[80]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:1483:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tname[80]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:1699:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(fname,"sky_model_rms_%2.2d.fits",iter); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:1701:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(fname,"sky_model_dif_%2.2d.fits",iter); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:1703:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(fname,"sky_model_rat_%2.2d.fits",iter); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:1827:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tname[80]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:1828:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tname, "points_sampl_cont_%02d", ord); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:1853:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tname[80]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:1854:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tname, "points_sampl_lines_%02d", ord); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:2015:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rname[80]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:2044:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(rname, "points_sampl_order_%02d.reg", ord); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:2520:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(bname,"bad_fit_thres_ord_%2.2d_%2.2d.fits",order,iter); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:2522:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(bname,"bad_fit_thres_ord_%2.2d_%2.2d.reg",order,iter); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:2573:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(bname,"residual_lines_thres_ord_%2.2d_%2.2d.reg",order,iter); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:2575:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fout = fopen(bname, "w"); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:2604:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hname[80]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:2605:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(hname,"histo_ord_%2.2d_%2.2d.fits",order,iter); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:3631:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sname[80]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:3632:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(sname,"tab_bspline_smooth_ord_%2.2d_%2.2d.fits",abs_order,iter_no); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:3634:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(sname,"tab_bspline_bkpts_ord_%2.2d_%2.2d.fits",abs_order,iter_no); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:3642:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(sname,"tab_data_ord_%2.2d_%2.2d.fits",abs_order,iter_no); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:3656:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(sname,"xtab_ord_%2.2d_%2.2d.fits",abs_order,iter_no); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:3698:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(sname,"tab_sampl_ord_%2.2d_%2.2d.fits",abs_order,iter_no); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:4115:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sname[80]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:4189:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(sname,"tab_bspline_smooth_ord_%2.2d_slice_%2.2d_iter_%2.2d.fits", data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:4193:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(sname,"tab_bspline_bkpts_ord_%2.2d_slice_%2.2d_iter_%2.2d.fits", data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:4201:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(sname,"tab_data_ord_%2.2d_slice_%2.2d_iter_%2.2d.fits", data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:4207:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(sname,"model_ord_%2.2d_slice_%2.2d_iter_%2.2d.fits", data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:4268:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(sname,"tab_sampl_ord_%2.2d_%2.2d.fits",abs_order,iter_no); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:4271:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(sname,"tab_sampl_ord_%2.2d_%2.2d.fits",abs_order,iter_no); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:4282:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(sname,"tab_bspline_smooth_ord_%2.2d_iter_%2.2d.fits", data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:4285:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(sname,"tab_bspline_bkpts_ord_%2.2d_iter_%2.2d.fits", data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:5038:23: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(sname,"tab_lr_ord_%2.2d_%2.2d.reg",order,i); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:5040:23: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(sname,"tab_lr_ord_%2.2d_%2.2d.fits",order,i); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:5042:23: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(sname,"tab_bp_ord_%2.2d_%2.2d.reg",order,i); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:5044:23: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(sname,"tab_bp_ord_%2.2d_%2.2d.fits",order,i); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:5085:23: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(sname,"samplin_ord_%2.2d_%2.2d.reg",order,i); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:5087:23: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(sname,"samplin_ord_%2.2d_%2.2d.fits",order,i); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:5226:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char debug_name[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:5228:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(debug_name, "fitted_data_sky_%d.log", order); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:5229:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
debug = fopen(debug_name, "w"); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:5316:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char debug_name[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:5322:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(debug_name, "fitted_data_obj_%d.log", order); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:5323:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). debug = fopen(debug_name, "w"); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:5519:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tag[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:5520:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:5696:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:5697:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tag[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:5803:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sky_name[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:5821:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char result_tag[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_subtract_sky_single.c:5822:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char result_name[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_time.c:120:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static char date_iso8601[20] ; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils.c:450:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((src = open (srcpath, O_RDONLY)) == -1) return (-1); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils.c:458:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((dst = open (dstpath, O_CREAT | O_WRONLY | O_TRUNC, sb.st_mode)) == -1) data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils.c:882:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name_o[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils.c:1699:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( date, "%04d%02d%02d-%02d%02d%02d", data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils.c:3917:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils.c:4138:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char qc_flux_min[40]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils.c:4139:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char qc_flux_max[40]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils.c:4265:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmd[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils.c:5681:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name_o[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_efficiency.c:404:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prod_name[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_efficiency.c:405:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char prod_tag[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_efficiency.c:844:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_efficiency.c:845:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ftag[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_efficiency.c:859:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(fname,"ref_std_star_spectrum.fits"); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_efficiency.c:860:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(ftag,"STD_STAR_FLUX"); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_efficiency.c:923:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char key_name[40]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_efficiency.c:938:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char fname[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_efficiency.c:939:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tag[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_ifu.c:761:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tag[25]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_ifu.c:762:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_ifu.c:1086:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char key_name[40]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_ifu.c:1117:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pname[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_ifu.c:1118:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ptag[40]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_ifu.c:1157:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name_o[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_ifu.c:1209:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name_o[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_ifu.c:1259:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name_o[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_ifu.c:1260:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tag_o[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_ifu.c:1353:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char comment[40]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_ifu.c:1354:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char qc_key[20]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_ifu.c:1409:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(comment,"Flux in slic %d, %4.0f-%4.0f nm",j,ws,we); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_ifu.c:1419:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(comment,"Err Flux in slic %d, %4.0f-%4.0f nm",j,ws,we); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_ifu.c:1427:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(comment,"SNR in slic %d, %4.0f-%4.0f nm",j,ws,we); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_ifu.c:1602:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_ifu.c:1603:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char data_extid[40]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_ifu.c:1604:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errs_extid[40]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_ifu.c:1605:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char qual_extid[40]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_ifu.c:1607:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char qualifier[10]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_ifu.c:1709:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tag[256]; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_ifu.c:1723:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(qualifier,"OBJ"); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_ifu.c:1725:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
  sprintf(qualifier,"SKY");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_ifu.c:2189:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(data_extid,"ORD%2.2d_FLUX",ord);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_ifu.c:2191:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(errs_extid,"ORD%2.2d_ERRS",ord);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_ifu.c:2193:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(qual_extid,"ORD%2.2d_QUAL",ord);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_ifu.c:2244:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(data_extid,"FLUX");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_ifu.c:2246:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(errs_extid,"ERRS");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_ifu.c:2248:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(qual_extid,"QUAL");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_image.c:2682:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_image.c:2683:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tag[50];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_image.c:2749:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_image.c:2750:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tag[50];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_image.c:2940:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char key_name[25];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_image.c:3013:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char key_name[25];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_image.c:3152:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_image.c:3153:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tag[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_image.c:4041:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char new_name[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_image.c:4119:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char new_name[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_image.c:4185:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char oname[128];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_image.c:4198:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cmd[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_response.c:318:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_response.c:350:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fname, "tab_corr_sampl.fits");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_response.c:630:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_response.c:639:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fname, "fcorr_org.fits");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_response.c:650:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fname, "fcorr_ext.fits");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_response.c:654:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fname, "fcorr_tab.fits");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_response.c:706:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_response.c:749:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fname,"fcorr.fits");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_response.c:751:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fname,"wcorr.fits");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_response.c:775:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_response.c:787:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fname, "model_selected_wrange_log_resampled_uniform.fits");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_response.c:794:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fname, "spectrum_resampled_used_in_correlation.fits");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_response.c:888:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fname, "model_convolved.fits");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_response.c:932:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_response.c:957:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fname,"spectrum_obs.fits");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_response.c:986:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fname,"model_arm.fits");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_response.c:997:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fname,"model_range_arm.fits");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_response.c:1010:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fname,"model_selected_wrange_log.fits");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_response.c:1017:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fname,"spectrum_selected_wrange_log.fits");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_response.c:1054:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf(fname,"model_aligned_to_obs.fits");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_response.c:1072:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fname,"table_rm.fits");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_response.c:1080:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fname,"spectrum_resampled_to_model.fits");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_response.c:1091:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fname,"spectrum_observed_divided_by_model_convolved.fits");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_response.c:1108:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fname,"tab_stack.fits");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_response.c:1203:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fname,"ratio_med.fits");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_response.c:1287:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fname,"spectrum_observed_divided_by_model_convolved.fits");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:244:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ftag[40];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:245:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[40];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:372:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ftag[40];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:373:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[40];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:554:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[FILENAME_MAX];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:669:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname_o[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:742:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char file_name[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:858:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tag[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:859:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:963:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char file_tag[40];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:964:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char file_name[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:991:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char throw_line[200];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:995:18: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  throw_file = fopen( throw_name, "r");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:1002:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char shiftval[200];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:1032:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[16] ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:1535:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char file_tag[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:1536:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char file_name[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:1537:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char arm_str[8] ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:1588:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char file_tag[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:1589:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char file_name[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:1590:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char arm_str[8] ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:2125:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sky_tag[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:2126:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sky_name[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:2127:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char rec_name[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:2227:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char wave_map_tag[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:2228:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char slit_map_tag[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:2271:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char file_tag[40];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:2575:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cmd[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:2612:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(cmd,"rm tmp_ima.fits");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:2720:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cmd[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:2752:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(cmd,"rm tmp_ima.fits");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:2760:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cmd[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:2791:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(cmd,"rm tmp_tab.fits");
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:2840:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ftag[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:2841:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:2842:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char arm_str[16] ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:2906:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char arm_str[16] ;
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:2907:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ftag[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:2908:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[256];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_table.c:229:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char qc_intavg_name[40];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_table.c:230:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char qc_nlinint_name[40];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_table.c:231:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char comment[40];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_table.c:748:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char comment[40];
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_table.c:749:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char qc_key[20];
data/cpl-plugin-xshoo-3.5.0+dfsg/hdrl/hdrl_imagelist_io.c:496:32: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const int msgmin = (int)strlen(HDRL_MSG) - 5;
data/cpl-plugin-xshoo-3.5.0+dfsg/hdrl/hdrl_imagelist_io.c:508:44: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const int imsgmin = (int)strlen(HDRL_IMSG) - 5;
data/cpl-plugin-xshoo-3.5.0+dfsg/hdrl/hdrl_imagelist_io.c:553:44: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const int imsgmin = (int)strlen(HDRL_IMSG) - 5;
data/cpl-plugin-xshoo-3.5.0+dfsg/hdrl/hdrl_utils.c:350:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const char * sep = strlen(base_context) > 0 ? "." : "";
data/cpl-plugin-xshoo-3.5.0+dfsg/hdrl/hdrl_utils.c:491:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (val == NULL || strlen(val) == 0) {
data/cpl-plugin-xshoo-3.5.0+dfsg/irplib/irplib_framelist.c:1173:17: [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126).
  This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  cpl_boolean equal;
data/cpl-plugin-xshoo-3.5.0+dfsg/irplib/irplib_framelist.c:1195:14: [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  if (!equal) {
data/cpl-plugin-xshoo-3.5.0+dfsg/irplib/irplib_framelist.c:1207:14: [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  if (!equal) {
data/cpl-plugin-xshoo-3.5.0+dfsg/irplib/irplib_framelist.c:1219:14: [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  if (!equal) {
data/cpl-plugin-xshoo-3.5.0+dfsg/irplib/irplib_framelist.c:1231:14: [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
if (!equal) { data/cpl-plugin-xshoo-3.5.0+dfsg/irplib/irplib_framelist.c:1243:14: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (!equal) { data/cpl-plugin-xshoo-3.5.0+dfsg/irplib/irplib_framelist.c:1255:14: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (!equal) { data/cpl-plugin-xshoo-3.5.0+dfsg/irplib/irplib_framelist.c:1266:14: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (!equal) { data/cpl-plugin-xshoo-3.5.0+dfsg/irplib/irplib_framelist.c:1281:10: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (!equal) { data/cpl-plugin-xshoo-3.5.0+dfsg/irplib/irplib_framelist.c:1286:12: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. 
Consider using a form of this function that checks the second iterator before potentially overflowing it. return equal; data/cpl-plugin-xshoo-3.5.0+dfsg/irplib/irplib_sdp_spectrum.c:923:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t n1 = strlen(va[i]); data/cpl-plugin-xshoo-3.5.0+dfsg/irplib/irplib_sdp_spectrum.c:924:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t n2 = strlen(vb[i]); data/cpl-plugin-xshoo-3.5.0+dfsg/irplib/irplib_sdp_spectrum.c:1283:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t keylen = strlen(keyword_table[mid].name); data/cpl-plugin-xshoo-3.5.0+dfsg/irplib/irplib_sdp_spectrum.c:1302:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(record->name) != strlen(name)) { data/cpl-plugin-xshoo-3.5.0+dfsg/irplib/irplib_sdp_spectrum.c:1302:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(record->name) != strlen(name)) { data/cpl-plugin-xshoo-3.5.0+dfsg/irplib/irplib_sdp_spectrum.c:1306:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
const char *c = name + strlen(record->name); data/cpl-plugin-xshoo-3.5.0+dfsg/irplib/irplib_sdp_spectrum.c:2621:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cpl_size extra_length = (extra != NULL ? (cpl_size) strlen(extra) : 0); data/cpl-plugin-xshoo-3.5.0+dfsg/irplib/irplib_sdp_spectrum.c:2655:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). name_length = (cpl_size) strlen(name); data/cpl-plugin-xshoo-3.5.0+dfsg/irplib/irplib_sdp_spectrum.c:2659:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fragment_length = (cpl_size) strlen(fragment); data/cpl-plugin-xshoo-3.5.0+dfsg/irplib/irplib_sdp_spectrum.c:2673:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(writepos, fragment, bytesleft); data/cpl-plugin-xshoo-3.5.0+dfsg/irplib/irplib_sdp_spectrum.c:2676:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(writepos, name, bytesleft); data/cpl-plugin-xshoo-3.5.0+dfsg/irplib/irplib_sdp_spectrum.c:2683:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(writepos, join_fragment, bytesleft); data/cpl-plugin-xshoo-3.5.0+dfsg/irplib/irplib_sdp_spectrum.c:2684:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
bytesleft -= (cpl_size) strlen(join_fragment); data/cpl-plugin-xshoo-3.5.0+dfsg/irplib/irplib_sdp_spectrum.c:2685:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). writepos += (cpl_size) strlen(join_fragment); data/cpl-plugin-xshoo-3.5.0+dfsg/irplib/irplib_sdp_spectrum.c:2686:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(writepos, extra, bytesleft); data/cpl-plugin-xshoo-3.5.0+dfsg/irplib/irplib_sdp_spectrum.c:2690:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(writepos, end_fragment, bytesleft); data/cpl-plugin-xshoo-3.5.0+dfsg/irplib/tests/irplib_utils-test.c:177:21: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. cpl_test_assert(sscanf(line, "%31s %16lf", &str[0], &val) != EOF); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/irplib_error.c:201:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (file_cpl, cpl_error_get_file (), MAX_STRING_LENGTH - 1); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/irplib_error.c:204:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (func_cpl, cpl_error_get_function (), MAX_STRING_LENGTH - 1); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/irplib_error.c:220:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy (message_local, error_msg, MAX_STRING_LENGTH - 1); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/irplib_error.c:295:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (queue.errors[queue.last].filename, file, MAX_STRING_LENGTH - 1); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/irplib_error.c:296:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (queue.errors[queue.last].function, func, MAX_STRING_LENGTH - 1); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/irplib_error.c:297:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (queue.errors[queue.last].cplmessage, cpl_error_get_message (), data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/irplib_error.c:299:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (queue.errors[queue.last].errormessage, error_msg, data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_atrous.c:163:9: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. sscanf(line,"%19s %19s", col1, col2); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_data_order.c:106:3: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy( PointSize, "" ) ; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_dfs_sdp.c:444:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
return strlen(str); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_gaussian_fit.c:167:9: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. sscanf(line,"%19s %19s", col1, col2); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_model.c:124:5: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. sscanf( sof_line, "%199s %199s", raw_name, raw_tag); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_model_maps_create.c:185:5: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. sscanf( sof_line, "%199s %199s", raw_name, raw_tag); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_subtract_sky_nod.c:97:3: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy( PointSize, "" ) ; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/test-xsh_wavecal_fwhm.c:132:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). char *read; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/tests/tests.c:601:7: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. sscanf( sof_line, "%199s %199s", name, tag); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_arclines.c:631:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
Risk is low because the source is a constant character. strcpy(type,""); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_arclines.c:1531:4: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(type,""); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_order.c:1263:9: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character. sprintf(openmode, "w"); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_detect_order.c:1265:9: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character. sprintf(openmode, "a"); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_dfs.c:3089:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(tag); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_dfs.c:4971:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int lenx = strlen(x); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_dfs.c:4975:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(value,string,lenx); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_model_anneal.c:277:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(firstchar,oneline,1); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_model_io.c:1225:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). indlen=strlen(tempstr); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_model_kernel.c:5122:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(listname,findname,strlen(findname))==0) { data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_model_metric.c:730:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). indlen=strlen(tempstr); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_paf_save.c:245:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (strlen(instrument) + strlen("/") + strlen(recipe) + 1)); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_paf_save.c:245:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (strlen(instrument) + strlen("/") + strlen(recipe) + 1)); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_paf_save.c:245:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (strlen(instrument) + strlen("/") + strlen(recipe) + 1)); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_paf_save.c:248:3: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. 
strcat(paf_id, "/"); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_star_index.c:78:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t bt = strlen(fits_file) * sizeof(*fits_file)+1; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils.c:488:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((rbytes = (int) read (src, buf, (size_t)blksize)) > 0) data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils.c:1319:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). version_string_length = strlen ("XX.YY.ZZ"); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils.c:1330:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int field = MAXIMUM (strlen (PACKAGE_STRING), strlen (recipe_string)); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils.c:1330:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int field = MAXIMUM (strlen (PACKAGE_STRING), strlen (recipe_string)); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils.c:1336:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nspaces1 = (field - strlen (PACKAGE_STRING)) / 2; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils.c:1337:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
nspaces2 = field - strlen (PACKAGE_STRING) - nspaces1; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils.c:1339:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nspaces3 = (field - strlen (recipe_string)) / 2; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils.c:1340:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nspaces4 = field - strlen (recipe_string) - nspaces3; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils.c:1440:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). TempFiles[NbTemp] = cpl_malloc( strlen( name) + 1); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils.c:1480:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ProdFiles[NbProducts] = cpl_malloc( strlen( name) + 1); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils.c:1664:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). result = cpl_calloc (sizeof (char), strlen (s) + 1); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils.c:1726:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). result = cpl_calloc (sizeof (char), strlen (s1) + strlen (s2) + 1); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils.c:1726:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
result = cpl_calloc (sizeof (char), strlen (s1) + strlen (s2) + 1); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils.c:1762:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cpl_calloc (sizeof (char), strlen (s1) + strlen (s2) + strlen (s3) + 1); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils.c:1762:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cpl_calloc (sizeof (char), strlen (s1) + strlen (s2) + strlen (s3) + 1); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils.c:1762:60: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cpl_calloc (sizeof (char), strlen (s1) + strlen (s2) + strlen (s3) + 1); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils.c:1800:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). result = cpl_calloc (sizeof (char), strlen (s1) + strlen (s2) + data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils.c:1800:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). result = cpl_calloc (sizeof (char), strlen (s1) + strlen (s2) + data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils.c:1801:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
strlen (s3) + strlen (s4) + 1); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils.c:1801:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (s3) + strlen (s4) + 1); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils.c:1842:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). result = cpl_calloc (sizeof (char), strlen (s1) + strlen (s2) + data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils.c:1842:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). result = cpl_calloc (sizeof (char), strlen (s1) + strlen (s2) + data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils.c:1843:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (s3) +strlen (s4) + strlen (s5) + 1); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils.c:1843:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (s3) +strlen (s4) + strlen (s5) + 1); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils.c:1843:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (s3) +strlen (s4) + strlen (s5) + 1); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils.c:1888:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
strlen (s1) + strlen (s2) + strlen (s3) + data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils.c:1888:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (s1) + strlen (s2) + strlen (s3) + data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils.c:1888:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (s1) + strlen (s2) + strlen (s3) + data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils.c:1889:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (s4) + strlen (s5) + strlen (s6) + 1); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils.c:1889:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (s4) + strlen (s5) + strlen (s6) + 1); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils.c:1889:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (s4) + strlen (s5) + strlen (s6) + 1); data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils.c:1937:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size += strlen (s) + 2; data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_efficiency.c:1346:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len=strlen(telescope_id);
data/cpl-plugin-xshoo-3.5.0+dfsg/xsh/xsh_utils_scired_slit.c:1006:7: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
sscanf( throw_line, "%199s",shiftval);

ANALYSIS SUMMARY:

Hits = 1829
Lines analyzed = 283497 in approximately 7.60 seconds (37308 lines/second)
Physical Source Lines of Code (SLOC) = 169580
Hits@level = [0] 525 [1] 98 [2] 1030 [3] 50 [4] 651 [5] 0
Hits@level+ = [0+] 2354 [1+] 1829 [2+] 1731 [3+] 701 [4+] 651 [5+] 0
Hits/KSLOC@level+ = [0+] 13.8814 [1+] 10.7855 [2+] 10.2076 [3+] 4.13374 [4+] 3.8389 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.