Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/eccodes-2.19.1/src/grib_expression_class_unop.c Examining data/eccodes-2.19.1/src/grib_accessor_class_data_dummy_field.c Examining data/eccodes-2.19.1/src/grib_nearest_class_lambert_azimuthal_equal_area.c Examining data/eccodes-2.19.1/src/grib_accessor_class_change_scanning_direction.c Examining data/eccodes-2.19.1/src/grib_itrie.c Examining data/eccodes-2.19.1/src/grib_accessor_class_gen.c Examining data/eccodes-2.19.1/src/md5.c Examining data/eccodes-2.19.1/src/grib_accessor_class_data_ccsds_packing.c Examining data/eccodes-2.19.1/src/grib_nearest.c Examining data/eccodes-2.19.1/src/grib_accessor_class_blob.c Examining data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_python.c Examining data/eccodes-2.19.1/src/grib_expression_class_true.c Examining data/eccodes-2.19.1/src/grib_iterator_class_mercator.c Examining data/eccodes-2.19.1/src/grib_handle.c Examining data/eccodes-2.19.1/src/grib_dumper_class_wmo.c Examining data/eccodes-2.19.1/src/grib_accessor_class_data_apply_bitmap.c Examining data/eccodes-2.19.1/src/grib_accessor_class_int64_little_endian.c Examining data/eccodes-2.19.1/src/grib_nearest_class_latlon_reduced.c Examining data/eccodes-2.19.1/src/grib_accessor_class_bufr_elements_table.c Examining data/eccodes-2.19.1/src/grib_bits.c Examining data/eccodes-2.19.1/src/grib_iterator_class_polar_stereographic.c Examining data/eccodes-2.19.1/src/grib_keys_iterator.c Examining data/eccodes-2.19.1/src/grib_accessor_class_unpack_bufr_values.c Examining data/eccodes-2.19.1/src/grib_accessor_class_statistics_spectral.c Examining data/eccodes-2.19.1/src/grib_accessor_class_g1step_range.c Examining data/eccodes-2.19.1/src/grib_accessor_class_ieeefloat.c Examining data/eccodes-2.19.1/src/grib_accessor_class_bufr_string_values.c Examining data/eccodes-2.19.1/src/action_class_if.c Examining
data/eccodes-2.19.1/src/grib_accessor_class_getenv.c Examining data/eccodes-2.19.1/src/grib_bits_ibmpow_opt.c Examining data/eccodes-2.19.1/src/grib_accessor_class_bits_per_value.c Examining data/eccodes-2.19.1/src/grib_accessor_class_g1date.c Examining data/eccodes-2.19.1/src/grib_accessor_class_iterator.c Examining data/eccodes-2.19.1/src/grib_accessor_class_step_in_units.c Examining data/eccodes-2.19.1/src/grib_expression_class_column.c Examining data/eccodes-2.19.1/src/grib_accessor_class_sprintf.c Examining data/eccodes-2.19.1/src/grib_accessor_class_g2_aerosol.c Examining data/eccodes-2.19.1/src/grib_util.c Examining data/eccodes-2.19.1/src/action_class_set.c Examining data/eccodes-2.19.1/src/grib_nearest_class_mercator.c Examining data/eccodes-2.19.1/src/grib_iterator_class_lambert_azimuthal_equal_area.c Examining data/eccodes-2.19.1/src/grib_bufr_descriptors_array.c Examining data/eccodes-2.19.1/src/grib_iterator_class_latlon_reduced.c Examining data/eccodes-2.19.1/src/grib_api.h Examining data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_filter.c Examining data/eccodes-2.19.1/src/grib_hash_array.c Examining data/eccodes-2.19.1/src/grib_accessor_class_g1p1p2.c Examining data/eccodes-2.19.1/src/action_class_while.c Examining data/eccodes-2.19.1/src/grib_accessor_class_reference_value_error.c Examining data/eccodes-2.19.1/src/grib_accessor_class_g2step_range.c Examining data/eccodes-2.19.1/src/grib_vdarray.c Examining data/eccodes-2.19.1/src/grib_accessor_class_unsigned_bits.c Examining data/eccodes-2.19.1/src/grib_bits_fast_big_endian_simple.c Examining data/eccodes-2.19.1/src/grib_iarray.c Examining data/eccodes-2.19.1/src/grib_accessor_class_g2_chemical.c Examining data/eccodes-2.19.1/src/grib_iterator_class_gaussian.c Examining data/eccodes-2.19.1/src/grib_nearest_class_gen.c Examining data/eccodes-2.19.1/src/grib_accessor_class_constant.c Examining data/eccodes-2.19.1/src/action_class_hash_array.c Examining data/eccodes-2.19.1/src/eccodes.h Examining 
data/eccodes-2.19.1/src/grib_accessor_class_gts_header.c Examining data/eccodes-2.19.1/src/action_class_transient_darray.c Examining data/eccodes-2.19.1/src/grib_nearest_class_reduced.c Examining data/eccodes-2.19.1/src/grib_accessor_class_codetable.c Examining data/eccodes-2.19.1/src/grib_expression_class_logical_or.c Examining data/eccodes-2.19.1/src/grib_accessor_class_count_total.c Examining data/eccodes-2.19.1/src/grib_accessor_class_g1bitmap.c Examining data/eccodes-2.19.1/src/grib_accessor_class_validity_time.c Examining data/eccodes-2.19.1/src/grib_accessor_class_data_apply_boustrophedonic.c Examining data/eccodes-2.19.1/src/grib_accessor_class_bytes.c Examining data/eccodes-2.19.1/src/grib_expression_class_is_integer.c Examining data/eccodes-2.19.1/src/action_class_when.c Examining data/eccodes-2.19.1/src/grib_accessor_class_uint8.c Examining data/eccodes-2.19.1/src/grib_header_compute.c Examining data/eccodes-2.19.1/src/grib_accessor_class_bufr_has_delayed_replication.c Examining data/eccodes-2.19.1/src/grib_accessor_class_data_g1simple_packing.c Examining data/eccodes-2.19.1/src/grib_loader_from_array.c Examining data/eccodes-2.19.1/src/grib_accessor_class_forward.c Examining data/eccodes-2.19.1/src/grib_accessor_class_budgdate.c Examining data/eccodes-2.19.1/src/grib_darray.c Examining data/eccodes-2.19.1/src/grib_accessor_class_size.c Examining data/eccodes-2.19.1/src/grib_accessor_class_raw.c Examining data/eccodes-2.19.1/src/grib_accessor_class_assert.c Examining data/eccodes-2.19.1/src/bufr_util.c Examining data/eccodes-2.19.1/src/grib_accessor_class_bufr_extract_area_subsets.c Examining data/eccodes-2.19.1/src/grib_nearest_class_sh.c Examining data/eccodes-2.19.1/src/grib_accessor_class_data_g1second_order_row_by_row_packing.c Examining data/eccodes-2.19.1/src/grib_nearest_class.c Examining data/eccodes-2.19.1/src/grib_accessor_class_g1fcperiod.c Examining data/eccodes-2.19.1/src/grib_buffer.c Examining 
data/eccodes-2.19.1/src/grib_accessor_class_variable.c Examining data/eccodes-2.19.1/src/grib_accessor_class_g1forecastmonth.c Examining data/eccodes-2.19.1/src/grib_accessor_class_label.c Examining data/eccodes-2.19.1/src/grib_accessor_class_g1_message_length.c Examining data/eccodes-2.19.1/src/eccodes_windef.h Examining data/eccodes-2.19.1/src/grib_accessor_class_proj_string.c Examining data/eccodes-2.19.1/src/grib_box_class_regular_gaussian.c Examining data/eccodes-2.19.1/src/action_class_print.c Examining data/eccodes-2.19.1/src/grib_accessor_class_g2_eps.c Examining data/eccodes-2.19.1/src/grib_accessor_class_suppressed.c Examining data/eccodes-2.19.1/src/grib_expression_class_is_in_dict.c Examining data/eccodes-2.19.1/src/grib_accessor_class_ksec1expver.c Examining data/eccodes-2.19.1/src/grib_loader_from_file.c Examining data/eccodes-2.19.1/src/encode_double_array.c Examining data/eccodes-2.19.1/src/grib_accessor_class_bufr_data_array.c Examining data/eccodes-2.19.1/src/grib_accessor_class_uint16.c Examining data/eccodes-2.19.1/src/grib_expression_class_long.c Examining data/eccodes-2.19.1/src/grib_accessor_class_data_sh_packed.c Examining data/eccodes-2.19.1/src/grib_accessor_class_abstract_vector.c Examining data/eccodes-2.19.1/src/grib_accessor_class_uint64_little_endian.c Examining data/eccodes-2.19.1/src/grib_accessor_class_longitudes.c Examining data/eccodes-2.19.1/src/grib_accessor_class_data_2order_packing.c Examining data/eccodes-2.19.1/src/grib_accessor_class_transient.c Examining data/eccodes-2.19.1/src/grib_accessor_class_g1day_of_the_year_date.c Examining data/eccodes-2.19.1/src/grib_accessor_factory.h Examining data/eccodes-2.19.1/src/action_class_set_sarray.c Examining data/eccodes-2.19.1/src/grib_dumper_class_bufr_simple.c Examining data/eccodes-2.19.1/src/grib_accessor_class_scale_values.c Examining data/eccodes-2.19.1/src/grib_accessor_class_scale.c Examining data/eccodes-2.19.1/src/grib_sarray.c Examining 
data/eccodes-2.19.1/src/grib_expression_factory.h Examining data/eccodes-2.19.1/src/grib_iterator_class_gen.c Examining data/eccodes-2.19.1/src/grib_accessor_class_dirty.c Examining data/eccodes-2.19.1/src/grib_accessor_class_section_pointer.c Examining data/eccodes-2.19.1/src/grib_iterator_class_regular.c Examining data/eccodes-2.19.1/src/action_class_write.c Examining data/eccodes-2.19.1/src/grib_expression_class_string.c Examining data/eccodes-2.19.1/src/grib_accessor_class_round.c Examining data/eccodes-2.19.1/src/grib_accessor_class_step_human_readable.c Examining data/eccodes-2.19.1/src/action_class_remove.c Examining data/eccodes-2.19.1/src/grib_parse_utils.c Examining data/eccodes-2.19.1/src/grib_dumper.c Examining data/eccodes-2.19.1/src/grib_expression_class_sub_string.c Examining data/eccodes-2.19.1/src/grib_accessor_class_long_vector.c Examining data/eccodes-2.19.1/src/grib_optimize_decimal_factor.h Examining data/eccodes-2.19.1/src/grib_accessor_class_section.c Examining data/eccodes-2.19.1/src/grib_nearest_factory.h Examining data/eccodes-2.19.1/src/grib_bufr_descriptor.c Examining data/eccodes-2.19.1/src/grib_accessor_class_padding.c Examining data/eccodes-2.19.1/src/grib_api_internal.h Examining data/eccodes-2.19.1/src/grib_accessor_class_g2bitmap_present.c Examining data/eccodes-2.19.1/src/action_class_set_darray.c Examining data/eccodes-2.19.1/src/grib_accessor_class_element.c Examining data/eccodes-2.19.1/src/grib_accessor_class_unsigned.c Examining data/eccodes-2.19.1/src/jgribapi_GribFile.h Examining data/eccodes-2.19.1/src/grib_accessor.c Examining data/eccodes-2.19.1/src/grib_accessor_class_g1_section4_length.c Examining data/eccodes-2.19.1/src/grib_expression_class.h Examining data/eccodes-2.19.1/src/grib_scaling.c Examining data/eccodes-2.19.1/src/grib_accessor_class_data_complex_packing.c Examining data/eccodes-2.19.1/src/grib_iterator.c Examining data/eccodes-2.19.1/src/grib_accessor_class_non_alpha.c Examining 
data/eccodes-2.19.1/src/grib_accessor_class_double.c Examining data/eccodes-2.19.1/src/grib_accessor_class_pack_bufr_values.c Examining data/eccodes-2.19.1/src/grib_accessor_class.c Examining data/eccodes-2.19.1/src/grib_bits_any_endian_simple.c Examining data/eccodes-2.19.1/src/grib_box_class.c Examining data/eccodes-2.19.1/src/functions.c Examining data/eccodes-2.19.1/src/grib_accessor_class_missing.c Examining data/eccodes-2.19.1/src/grib_expression_class_is_in_list.c Examining data/eccodes-2.19.1/src/grib_accessor_class_mars_param.c Examining data/eccodes-2.19.1/src/grib_expression_class_double.c Examining data/eccodes-2.19.1/src/grib_accessor_class_select_step_template.c Examining data/eccodes-2.19.1/src/grib_loader_from_handle.c Examining data/eccodes-2.19.1/src/grib_accessor_class_data_g1second_order_general_packing.c Examining data/eccodes-2.19.1/src/grib_value.c Examining data/eccodes-2.19.1/src/grib_box_class_gen.c Examining data/eccodes-2.19.1/src/grib_accessor_class_codeflag.c Examining data/eccodes-2.19.1/src/grib_accessor_class_data_2order_packing_count.c Examining data/eccodes-2.19.1/src/grib_bits_any_endian_vector.c Examining data/eccodes-2.19.1/src/grib_trie.c Examining data/eccodes-2.19.1/src/grib_gaussian_reduced.c Examining data/eccodes-2.19.1/src/grib_trie_with_rank.c Examining data/eccodes-2.19.1/src/grib_optimize_decimal_factor.c Examining data/eccodes-2.19.1/src/grib_accessor_class_library_version.c Examining data/eccodes-2.19.1/src/grib_rules.c Examining data/eccodes-2.19.1/src/grib_accessor_class_latlon_increment.c Examining data/eccodes-2.19.1/src/grib_iterator_class_space_view.c Examining data/eccodes-2.19.1/src/grib_date.c Examining data/eccodes-2.19.1/src/grib_index.c Examining data/eccodes-2.19.1/src/grib_accessor_class_data_shsimple_packing.c Examining data/eccodes-2.19.1/src/action.c Examining data/eccodes-2.19.1/src/grib_box_factory.h Examining data/eccodes-2.19.1/src/grib_accessor_class_int8.c Examining 
data/eccodes-2.19.1/src/grib_bits_any_endian_omp.c Examining data/eccodes-2.19.1/src/grib_accessor_class_headers_only.c Examining data/eccodes-2.19.1/src/grib_accessor_class_sexagesimal2decimal.c Examining data/eccodes-2.19.1/src/grib_nearest_class_polar_stereographic.c Examining data/eccodes-2.19.1/src/jgribapi_GribHandle.h Examining data/eccodes-2.19.1/src/grib_expression_class_functor.c Examining data/eccodes-2.19.1/src/string_util.c Examining data/eccodes-2.19.1/src/grib_iterator_class_latlon.c Examining data/eccodes-2.19.1/src/grib_accessor_class_vector.c Examining data/eccodes-2.19.1/src/action_class_switch.c Examining data/eccodes-2.19.1/src/grib_expression_class_string_compare.c Examining data/eccodes-2.19.1/src/grib_compressor.c Examining data/eccodes-2.19.1/src/grib_accessor_class_number_of_values.c Examining data/eccodes-2.19.1/src/grib_jasper_encoding.c Examining data/eccodes-2.19.1/src/grib_accessor_class_check_internal_version.c Examining data/eccodes-2.19.1/src/action_class_noop.c Examining data/eccodes-2.19.1/src/action_class_close.c Examining data/eccodes-2.19.1/src/grib_accessor_class_simple_packing_error.c Examining data/eccodes-2.19.1/src/grib_accessor_class_g2_mars_labeling.c Examining data/eccodes-2.19.1/src/grib_accessor_class_times.c Examining data/eccodes-2.19.1/src/grib_iterator_factory.h Examining data/eccodes-2.19.1/src/grib_accessor_class_ascii.c Examining data/eccodes-2.19.1/src/grib_accessor_class_octahedral_gaussian.c Examining data/eccodes-2.19.1/src/action_class_put.c Examining data/eccodes-2.19.1/src/grib_accessor_class_data_g2shsimple_packing.c Examining data/eccodes-2.19.1/src/grib_geography.c Examining data/eccodes-2.19.1/src/grib_expression.c Examining data/eccodes-2.19.1/src/grib_yacc.c Examining data/eccodes-2.19.1/src/grib_io.c Examining data/eccodes-2.19.1/src/grib_accessor_class_g1number_of_coded_values_sh_complex.c Examining data/eccodes-2.19.1/src/grib_accessor_class_smart_table.c Examining 
data/eccodes-2.19.1/src/grib_accessor_class_g1end_of_interval_monthly.c Examining data/eccodes-2.19.1/src/grib_timer.c Examining data/eccodes-2.19.1/src/grib_accessor_class_uint32_little_endian.c Examining data/eccodes-2.19.1/src/action_class_section.c Examining data/eccodes-2.19.1/src/grib_dumper_factory.h Examining data/eccodes-2.19.1/src/grib_nearest_class_lambert_conformal.c Examining data/eccodes-2.19.1/src/grib_concept_index.c Examining data/eccodes-2.19.1/src/grib_accessor_class_codetable_units.c Examining data/eccodes-2.19.1/src/grib_accessor_class_data_g2complex_packing.c Examining data/eccodes-2.19.1/src/grib_accessor_class_g2bitmap.c Examining data/eccodes-2.19.1/src/grib_dumper_class_default.c Examining data/eccodes-2.19.1/src/grib_accessor_class_to_string.c Examining data/eccodes-2.19.1/src/grib_accessor_class_message.c Examining data/eccodes-2.19.1/src/grib_dependency.c Examining data/eccodes-2.19.1/src/action_class_template.c Examining data/eccodes-2.19.1/src/grib_iterator_class.c Examining data/eccodes-2.19.1/src/grib_accessor_class_group.c Examining data/eccodes-2.19.1/src/grib_accessor_class_int64.c Examining data/eccodes-2.19.1/src/grib_accessor_class_position.c Examining data/eccodes-2.19.1/src/grib_2order_packer_simple.c Examining data/eccodes-2.19.1/src/grib_api_version.c Examining data/eccodes-2.19.1/src/grib_accessor_class_uint64.c Examining data/eccodes-2.19.1/src/grib_accessor_class_int16.c Examining data/eccodes-2.19.1/src/grib_accessor_class_count_file.c Examining data/eccodes-2.19.1/src/grib_box_class.h Examining data/eccodes-2.19.1/src/grib_accessor_class_number_of_points_gaussian.c Examining data/eccodes-2.19.1/src/grib_accessor_class_smart_table_column.c Examining data/eccodes-2.19.1/src/grib_templates.h Examining data/eccodes-2.19.1/src/grib_accessor_class_count_missing.c Examining data/eccodes-2.19.1/src/grib_accessor_class_g2grid.c Examining data/eccodes-2.19.1/src/grib_dumper_class.c Examining 
data/eccodes-2.19.1/src/grib_accessor_class_bufrdc_expanded_descriptors.c Examining data/eccodes-2.19.1/src/grib_accessor_class_global_gaussian.c Examining data/eccodes-2.19.1/src/grib_expression_class_length.c Examining data/eccodes-2.19.1/src/grib_accessor_class_data_apply_gdsnotpresent.c Examining data/eccodes-2.19.1/src/grib_accessor_class_number_of_points.c Examining data/eccodes-2.19.1/src/grib_api_prototypes.h Examining data/eccodes-2.19.1/src/grib_box_class_reduced_gaussian.c Examining data/eccodes-2.19.1/src/grib_accessor_class_concept.c Examining data/eccodes-2.19.1/src/grib_accessor_class_local_definition.c Examining data/eccodes-2.19.1/src/grib_accessor_class_bufr_data_element.c Examining data/eccodes-2.19.1/src/grib_errors.c Examining data/eccodes-2.19.1/src/grib_viarray.c Examining data/eccodes-2.19.1/src/grib_accessor_class_when.c Examining data/eccodes-2.19.1/src/grib_accessor_class_spd.c Examining data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_C.c Examining data/eccodes-2.19.1/src/grib_accessor_class_uint16_little_endian.c Examining data/eccodes-2.19.1/src/grib_iterator_class.h Examining data/eccodes-2.19.1/src/grib_accessor_class_data_g2secondary_bitmap.c Examining data/eccodes-2.19.1/src/grib_accessor_class_to_integer.c Examining data/eccodes-2.19.1/src/grib_db.c Examining data/eccodes-2.19.1/src/grib_vsarray.c Examining data/eccodes-2.19.1/src/grib_accessor_class_signed.c Examining data/eccodes-2.19.1/src/grib_accessor_class_data_g1second_order_constant_width_packing.c Examining data/eccodes-2.19.1/src/grib_accessor_class_ibmfloat.c Examining data/eccodes-2.19.1/src/grib_query.c Examining data/eccodes-2.19.1/src/grib_accessor_class_int32.c Examining data/eccodes-2.19.1/src/grib_iterator_class_lambert_conformal.c Examining data/eccodes-2.19.1/src/grib_accessor_class_number_of_coded_values.c Examining data/eccodes-2.19.1/src/action_class_concept.c Examining data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_fortran.c Examining 
data/eccodes-2.19.1/src/grib_lex.c Examining data/eccodes-2.19.1/src/grib_fieldset.c Examining data/eccodes-2.19.1/src/grib_filepool.c Examining data/eccodes-2.19.1/src/grib_concept.c Examining data/eccodes-2.19.1/src/grib_accessor_class_values.c Examining data/eccodes-2.19.1/src/grib_emoslib.h Examining data/eccodes-2.19.1/src/grib_ieeefloat.c Examining data/eccodes-2.19.1/src/grib_accessor_class_signed_bits.c Examining data/eccodes-2.19.1/src/grib_oarray.c Examining data/eccodes-2.19.1/src/grib_nearest_class_regular.c Examining data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_filter.c Examining data/eccodes-2.19.1/src/grib_accessor_class_rdbtime_guess_date.c Examining data/eccodes-2.19.1/src/grib_accessor_class_ifs_param.c Examining data/eccodes-2.19.1/src/grib_accessor_class_expanded_descriptors.c Examining data/eccodes-2.19.1/src/action_class_assert.c Examining data/eccodes-2.19.1/src/action_class_variable.c Examining data/eccodes-2.19.1/src/grib_accessor_class_gds_is_present.c Examining data/eccodes-2.19.1/src/grib_accessor_class_section_length.c Examining data/eccodes-2.19.1/src/grib_accessor_class_lookup.c Examining data/eccodes-2.19.1/src/grib_accessor_class_trim.c Examining data/eccodes-2.19.1/src/grib_accessor_class_gaussian_grid_name.c Examining data/eccodes-2.19.1/src/action_class_set_missing.c Examining data/eccodes-2.19.1/src/grib_dumper_class.h Examining data/eccodes-2.19.1/src/action_class_meta.c Examining data/eccodes-2.19.1/src/grib_accessor_class_hash_array.c Examining data/eccodes-2.19.1/src/grib_accessor_class_to_double.c Examining data/eccodes-2.19.1/src/grib_dumper_class_debug.c Examining data/eccodes-2.19.1/src/grib_bits_ibmpow.c Examining data/eccodes-2.19.1/src/grib_expression_class_accessor.c Examining data/eccodes-2.19.1/src/grib_accessor_class_data_g1second_order_general_extended_packing.c Examining data/eccodes-2.19.1/src/grib_accessor_class_bufr_extract_datetime_subsets.c Examining data/eccodes-2.19.1/src/eccodes.c Examining 
data/eccodes-2.19.1/src/grib_accessor_class_data_g1shsimple_packing.c Examining data/eccodes-2.19.1/src/grib_accessor_class_int16_little_endian.c Examining data/eccodes-2.19.1/src/grib_accessor_class_long.c Examining data/eccodes-2.19.1/src/grib_accessor_class_bitmap.c Examining data/eccodes-2.19.1/src/grib_hash_keys.c Examining data/eccodes-2.19.1/src/grib_accessor_class_bit.c Examining data/eccodes-2.19.1/src/grib_accessor_class_time.c Examining data/eccodes-2.19.1/src/grib_accessor_class_octect_number.c Examining data/eccodes-2.19.1/src/grib_dumper_class_keys.c Examining data/eccodes-2.19.1/src/grib_accessor_class_g1_increment.c Examining data/eccodes-2.19.1/src/grib_itrie_keys.c Examining data/eccodes-2.19.1/src/grib_accessor_class_codetable_title.c Examining data/eccodes-2.19.1/src/grib_accessor_class_from_scale_factor_scaled_value.c Examining data/eccodes-2.19.1/src/grib_accessor_class_pad.c Examining data/eccodes-2.19.1/src/grib_expression_class_binop.c Examining data/eccodes-2.19.1/src/grib_accessor_class_data_simple_packing.c Examining data/eccodes-2.19.1/src/grib_accessor_class_data_apply_boustrophedonic_bitmap.c Examining data/eccodes-2.19.1/src/grib_openjpeg_encoding.c Examining data/eccodes-2.19.1/src/grib_ibmfloat.c Examining data/eccodes-2.19.1/src/grib_memory.c Examining data/eccodes-2.19.1/src/grib_accessor_class_g2end_step.c Examining data/eccodes-2.19.1/src/grib_accessor_class_data_g1complex_packing.c Examining data/eccodes-2.19.1/src/grib_accessor_class_data_g2simple_packing_with_preprocessing.c Examining data/eccodes-2.19.1/src/grib_accessor_class_mars_step.c Examining data/eccodes-2.19.1/src/action_class_rename.c Examining data/eccodes-2.19.1/src/grib_accessor_class_bufr_group.c Examining data/eccodes-2.19.1/src/grib_accessor_class_divdouble.c Examining data/eccodes-2.19.1/src/grib_accessor_class_decimal_precision.c Examining data/eccodes-2.19.1/src/action_class_gen.c Examining data/eccodes-2.19.1/src/grib_accessor_class_data_constant_field.c 
Examining data/eccodes-2.19.1/src/grib_accessor_class_nearest.c Examining data/eccodes-2.19.1/src/grib_accessor_class_padtoeven.c Examining data/eccodes-2.19.1/src/grib_accessor_class_abstract_long_vector.c Examining data/eccodes-2.19.1/src/grib_yacc.h Examining data/eccodes-2.19.1/src/grib_accessor_class_sum.c Examining data/eccodes-2.19.1/src/grib_expression_class_logical_and.c Examining data/eccodes-2.19.1/src/grib_accessor_class_g1_half_byte_codeflag.c Examining data/eccodes-2.19.1/src/grib_accessor_class_data_sh_unpacked.c Examining data/eccodes-2.19.1/src/grib_accessor_class_bufr_clear_tables.c Examining data/eccodes-2.19.1/src/grib_accessor_class.h Examining data/eccodes-2.19.1/src/codes_memfs.c Examining data/eccodes-2.19.1/src/grib_accessor_class_statistics.c Examining data/eccodes-2.19.1/src/grib_accessor_class_message_copy.c Examining data/eccodes-2.19.1/src/grib_iterator_class_gaussian_reduced.c Examining data/eccodes-2.19.1/src/grib_accessor_class_bufr_extract_subsets.c Examining data/eccodes-2.19.1/src/grib_accessor_class_data_g2bifourier_packing.c Examining data/eccodes-2.19.1/src/grib_accessor_class_bits.c Examining data/eccodes-2.19.1/src/grib_accessor_class_data_g2simple_packing.c Examining data/eccodes-2.19.1/src/grib_accessor_class_bufr_simple_thinning.c Examining data/eccodes-2.19.1/src/action_class_alias.c Examining data/eccodes-2.19.1/src/grib_accessor_class_latlonvalues.c Examining data/eccodes-2.19.1/src/grib_accessor_class_section_padding.c Examining data/eccodes-2.19.1/src/grib_accessor_class_data_png_packing.c Examining data/eccodes-2.19.1/src/grib_accessor_class_latitudes.c Examining data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_python.c Examining data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_fortran.c Examining data/eccodes-2.19.1/src/grib_bits_any_endian.c Examining data/eccodes-2.19.1/src/minmax_val.c Examining data/eccodes-2.19.1/src/grib_accessor_class_padtomultiple.c Examining 
data/eccodes-2.19.1/src/grib_accessor_class_g1monthlydate.c Examining data/eccodes-2.19.1/src/grib_templates.c Examining data/eccodes-2.19.1/src/grib_accessor_class_transient_darray.c Examining data/eccodes-2.19.1/src/grib_accessor_class_g1area.c Examining data/eccodes-2.19.1/src/grib_nearest_class_space_view.c Examining data/eccodes-2.19.1/src/grib_accessor_class_second_order_bits_per_value.c Examining data/eccodes-2.19.1/src/grib_accessor_class_data_raw_packing.c Examining data/eccodes-2.19.1/src/grib_accessor_class_md5.c Examining data/eccodes-2.19.1/src/grib_nearest_class.h Examining data/eccodes-2.19.1/src/grib_accessor_class_g1verificationdate.c Examining data/eccodes-2.19.1/src/grib_accessor_class_g2step.c Examining data/eccodes-2.19.1/src/action_class_trigger.c Examining data/eccodes-2.19.1/src/grib_accessor_class_uint32.c Examining data/eccodes-2.19.1/src/grib_dumper_class_serialize.c Examining data/eccodes-2.19.1/src/grib_accessor_class_int32_little_endian.c Examining data/eccodes-2.19.1/src/grib_accessor_classes_hash.c Examining data/eccodes-2.19.1/src/grib_accessor_class_g2date.c Examining data/eccodes-2.19.1/src/codes_util.c Examining data/eccodes-2.19.1/src/grib_bits_fast_big_endian_omp.c Examining data/eccodes-2.19.1/src/grib_accessor_class_data_g1secondary_bitmap.c Examining data/eccodes-2.19.1/src/grib_accessor_class_g1number_of_coded_values_sh_simple.c Examining data/eccodes-2.19.1/src/grib_accessor_class_offset_values.c Examining data/eccodes-2.19.1/src/grib_bits_fast_big_endian_vector.c Examining data/eccodes-2.19.1/src/action_class_list.c Examining data/eccodes-2.19.1/src/grib_accessor_class_box.c Examining data/eccodes-2.19.1/src/grib_accessor_class_padto.c Examining data/eccodes-2.19.1/src/grib_accessor_class_laplacian.c Examining data/eccodes-2.19.1/src/action_class_modify.c Examining data/eccodes-2.19.1/src/deprecated/grib_accessor_class_bufr_data.c Examining data/eccodes-2.19.1/src/grib_accessor_class_data_secondary_bitmap.c Examining 
data/eccodes-2.19.1/src/grib_accessor_class_spectral_truncation.c Examining data/eccodes-2.19.1/src/grib_accessor_class_data_jpeg2000_packing.c Examining data/eccodes-2.19.1/src/grib_accessor_class_julian_day.c Examining data/eccodes-2.19.1/src/grib_accessor_class_gds_not_present_bitmap.c Examining data/eccodes-2.19.1/src/bufr_keys_iterator.c Examining data/eccodes-2.19.1/src/grib_accessor_class_g1param.c Examining data/eccodes-2.19.1/src/grib_expression_class_constant.c Examining data/eccodes-2.19.1/src/grib_accessor_class_g2level.c Examining data/eccodes-2.19.1/src/grib_accessor_class_number_of_values_data_raw_packing.c Examining data/eccodes-2.19.1/src/grib_accessor_class_unexpanded_descriptors.c Examining data/eccodes-2.19.1/src/jgribapi_GribIterator.h Examining data/eccodes-2.19.1/src/grib_accessor_class_validity_date.c Examining data/eccodes-2.19.1/src/grib_accessor_class_array.c Examining data/eccodes-2.19.1/src/grib_accessor_class_data_g22order_packing.c Examining data/eccodes-2.19.1/src/grib_accessor_class_evaluate.c Examining data/eccodes-2.19.1/src/grib_accessor_class_offset_file.c Examining data/eccodes-2.19.1/src/grib_box.c Examining data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_C.c Examining data/eccodes-2.19.1/src/grib_accessor_class_g2lon.c Examining data/eccodes-2.19.1/src/grib_dumper_class_grib_encode_C.c Examining data/eccodes-2.19.1/src/grib_dumper_class_json.c Examining data/eccodes-2.19.1/src/action_class_set_iarray.c Examining data/eccodes-2.19.1/src/grib_context.c Examining data/eccodes-2.19.1/src/grib_accessor_class_dictionary.c Examining data/eccodes-2.19.1/src/grib_accessor_class_apply_operators.c Examining data/eccodes-2.19.1/src/grib_accessor_class_julian_date.c Examining data/eccodes-2.19.1/src/grib_accessor_class_g2latlon.c Examining data/eccodes-2.19.1/src/md5.h Examining data/eccodes-2.19.1/src/grib_bits_fast_big_endian.c Examining data/eccodes-2.19.1/tigge/tigge_check.c Examining data/eccodes-2.19.1/tigge/tigge_tools.c 
Examining data/eccodes-2.19.1/tigge/tigge_name.c Examining data/eccodes-2.19.1/tigge/tigge_split.c Examining data/eccodes-2.19.1/tigge/tigge_check.h Examining data/eccodes-2.19.1/tigge/tigge_accumulations.c Examining data/eccodes-2.19.1/tigge/tigge_tools.h Examining data/eccodes-2.19.1/tests/packing.c Examining data/eccodes-2.19.1/tests/pack_unpack.c Examining data/eccodes-2.19.1/tests/grib_nearest_test.c Examining data/eccodes-2.19.1/tests/bits.c Examining data/eccodes-2.19.1/tests/values_to_ascii.c Examining data/eccodes-2.19.1/tests/grib_sh_ieee64.c Examining data/eccodes-2.19.1/tests/grib_lam_gp.c Examining data/eccodes-2.19.1/tests/grib_optimize_scaling.c Examining data/eccodes-2.19.1/tests/index_orderby.c Examining data/eccodes-2.19.1/tests/bufr_keys_iter.c Examining data/eccodes-2.19.1/tests/jpeg_perf.c Examining data/eccodes-2.19.1/tests/read_any.c Examining data/eccodes-2.19.1/tests/ibm.c Examining data/eccodes-2.19.1/tests/laplacian.c Examining data/eccodes-2.19.1/tests/unit_tests.c Examining data/eccodes-2.19.1/tests/so_perf.c Examining data/eccodes-2.19.1/tests/gauss_sub.c Examining data/eccodes-2.19.1/tests/grib_bpv_limit.c Examining data/eccodes-2.19.1/tests/grib_util_set_spec.c Examining data/eccodes-2.19.1/tests/packing_check.c Examining data/eccodes-2.19.1/tests/grib_optimize_scaling_sh.c Examining data/eccodes-2.19.1/tests/png_perf.c Examining data/eccodes-2.19.1/tests/grib_sh_imag.c Examining data/eccodes-2.19.1/tests/bufr_get_element.c Examining data/eccodes-2.19.1/tests/grib_local_MeteoFrance.c Examining data/eccodes-2.19.1/tests/largefile.c Examining data/eccodes-2.19.1/tests/bufr_extract_headers.c Examining data/eccodes-2.19.1/tests/bufr_threads_ecc-604.c Examining data/eccodes-2.19.1/tests/tests.ecmwf/packing.c Examining data/eccodes-2.19.1/tests/tests.ecmwf/sample.c Examining data/eccodes-2.19.1/tests/tests.ecmwf/serialize.c Examining data/eccodes-2.19.1/tests/tests.ecmwf/memory.c Examining data/eccodes-2.19.1/tests/tests.ecmwf/sample1.c 
Examining data/eccodes-2.19.1/tests/tests.ecmwf/values.c Examining data/eccodes-2.19.1/tests/tests.ecmwf/compatibility.c Examining data/eccodes-2.19.1/tests/tests.ecmwf/chemical.c Examining data/eccodes-2.19.1/tests/tests.ecmwf/test.h Examining data/eccodes-2.19.1/tests/tests.ecmwf/compatibility_ex.c Examining data/eccodes-2.19.1/tests/tests.ecmwf/deserialize.c Examining data/eccodes-2.19.1/tests/tests.ecmwf/grib1to2.c Examining data/eccodes-2.19.1/tests/tests.ecmwf/compare.c Examining data/eccodes-2.19.1/tests/tests.ecmwf/request.c Examining data/eccodes-2.19.1/tests/grib_lam_bf.c Examining data/eccodes-2.19.1/tests/julian.c Examining data/eccodes-2.19.1/tests/ieee.c Examining data/eccodes-2.19.1/tests/grib_2nd_order_numValues.c Examining data/eccodes-2.19.1/tests/timing.c Examining data/eccodes-2.19.1/tests/decode.c Examining data/eccodes-2.19.1/tests/bufr_check_descriptors.c Examining data/eccodes-2.19.1/tests/grib_ecc-386.c Examining data/eccodes-2.19.1/tests/grib_threads_ecc-604.c Examining data/eccodes-2.19.1/tests/grib_read_index.c Examining data/eccodes-2.19.1/tests/grib_double_cmp.c Examining data/eccodes-2.19.1/tests/grib_threads_ecc-604-encode.c Examining data/eccodes-2.19.1/tests/grib_encode_pthreads.c Examining data/eccodes-2.19.1/tests/gribex_perf.c Examining data/eccodes-2.19.1/tests/grib_indexing.c Examining data/eccodes-2.19.1/tests/grib_multi_from_message.c Examining data/eccodes-2.19.1/tests/bufr_ecc-517.c Examining data/eccodes-2.19.1/tests/grib_ccsds_perf.c Examining data/eccodes-2.19.1/examples/python/grib_keys_iterator.c Examining data/eccodes-2.19.1/examples/python/grib_count_messages.c Examining data/eccodes-2.19.1/examples/python/grib_iterator.c Examining data/eccodes-2.19.1/examples/python/grib_print_data.c Examining data/eccodes-2.19.1/examples/C/grib_nearest.c Examining data/eccodes-2.19.1/examples/C/grib_list.c Examining data/eccodes-2.19.1/examples/C/bufr_read_header.c Examining data/eccodes-2.19.1/examples/C/grib_keys_iterator.c 
Examining data/eccodes-2.19.1/examples/C/bufr_read_temp.c Examining data/eccodes-2.19.1/examples/C/grib_copy_message.c Examining data/eccodes-2.19.1/examples/C/grib_sections_copy.c Examining data/eccodes-2.19.1/examples/C/bufr_copy_data.c Examining data/eccodes-2.19.1/examples/C/grib_set_pv.c Examining data/eccodes-2.19.1/examples/C/box.c Examining data/eccodes-2.19.1/examples/C/grib_get_data.c Examining data/eccodes-2.19.1/examples/C/grib_get_keys.c Examining data/eccodes-2.19.1/examples/C/grib_clone.c Examining data/eccodes-2.19.1/examples/C/grib_set_keys.c Examining data/eccodes-2.19.1/examples/C/set_missing.c Examining data/eccodes-2.19.1/examples/C/bufr_expanded.c Examining data/eccodes-2.19.1/examples/C/values_check.c Examining data/eccodes-2.19.1/examples/C/grib_iterator.c Examining data/eccodes-2.19.1/examples/C/grib_set_data.c Examining data/eccodes-2.19.1/examples/C/bufr_subset.c Examining data/eccodes-2.19.1/examples/C/grib_set_bitmap.c Examining data/eccodes-2.19.1/examples/C/bufr_set_keys.c Examining data/eccodes-2.19.1/examples/C/grib_precision.c Examining data/eccodes-2.19.1/examples/C/grib_index.c Examining data/eccodes-2.19.1/examples/C/large_grib1.c Examining data/eccodes-2.19.1/examples/C/bufr_read_synop.c Examining data/eccodes-2.19.1/examples/C/bufr_clone.c Examining data/eccodes-2.19.1/examples/C/grib_precipitation.c Examining data/eccodes-2.19.1/examples/C/bufr_get_string_array.c Examining data/eccodes-2.19.1/examples/C/bufr_get_keys.c Examining data/eccodes-2.19.1/examples/C/mars_param.c Examining data/eccodes-2.19.1/examples/C/bufr_attributes.c Examining data/eccodes-2.19.1/examples/C/new_sample.c Examining data/eccodes-2.19.1/examples/C/bufr_missing.c Examining data/eccodes-2.19.1/examples/C/grib_print_data.c Examining data/eccodes-2.19.1/examples/C/get_product_kind.c Examining data/eccodes-2.19.1/examples/C/grib_multi_write.c Examining data/eccodes-2.19.1/examples/C/grib_pthreads.c Examining data/eccodes-2.19.1/examples/C/multi2.c 
Examining data/eccodes-2.19.1/examples/C/grib_iterator_bitmap.c Examining data/eccodes-2.19.1/examples/C/grib_multi.c Examining data/eccodes-2.19.1/examples/C/grib_ensemble_index.c Examining data/eccodes-2.19.1/examples/C/fieldset.c Examining data/eccodes-2.19.1/examples/C/nc.c Examining data/eccodes-2.19.1/examples/C/bufr_keys_iterator.c Examining data/eccodes-2.19.1/examples/C/bufr_pthreads.c Examining data/eccodes-2.19.1/examples/C/grib_nearest_multiple.c Examining data/eccodes-2.19.1/examples/C/bufr_read_scatterometer.c Examining data/eccodes-2.19.1/python/gribapi.c Examining data/eccodes-2.19.1/python/grib_interface.h Examining data/eccodes-2.19.1/python/grib_interface.c Examining data/eccodes-2.19.1/python/swig_wrap_numpy.c Examining data/eccodes-2.19.1/python/grib_errors.h Examining data/eccodes-2.19.1/tools/metar_copy.c Examining data/eccodes-2.19.1/tools/metar_ls.c Examining data/eccodes-2.19.1/tools/grib_dump.c Examining data/eccodes-2.19.1/tools/codes_info.c Examining data/eccodes-2.19.1/tools/bufr_set.c Examining data/eccodes-2.19.1/tools/gts_filter.c Examining data/eccodes-2.19.1/tools/grib_2_request.c Examining data/eccodes-2.19.1/tools/bufr_copy.c Examining data/eccodes-2.19.1/tools/grib_filter.h Examining data/eccodes-2.19.1/tools/grib_nearest_land.c Examining data/eccodes-2.19.1/tools/grib_tools.c Examining data/eccodes-2.19.1/tools/gts_ls.c Examining data/eccodes-2.19.1/tools/taf_filter.c Examining data/eccodes-2.19.1/tools/grib_get_data.c Examining data/eccodes-2.19.1/tools/metar_dump.c Examining data/eccodes-2.19.1/tools/grib2ppm.c Examining data/eccodes-2.19.1/tools/bufr_get.c Examining data/eccodes-2.19.1/tools/mars_request.c Examining data/eccodes-2.19.1/tools/gts_compare.c Examining data/eccodes-2.19.1/tools/bufr_ls.c Examining data/eccodes-2.19.1/tools/bufr_index_build.c Examining data/eccodes-2.19.1/tools/list_keys.c Examining data/eccodes-2.19.1/tools/grib_to_json.c Examining data/eccodes-2.19.1/tools/grib_merge.c Examining 
data/eccodes-2.19.1/tools/metar_filter.c Examining data/eccodes-2.19.1/tools/gts_dump.c Examining data/eccodes-2.19.1/tools/gg_sub_area_check.c Examining data/eccodes-2.19.1/tools/big2gribex.c Examining data/eccodes-2.19.1/tools/metar_compare.c Examining data/eccodes-2.19.1/tools/xref.c Examining data/eccodes-2.19.1/tools/codes_count.c Examining data/eccodes-2.19.1/tools/codes_parser.c Examining data/eccodes-2.19.1/tools/grib_filter.c Examining data/eccodes-2.19.1/tools/grib_repair.c Examining data/eccodes-2.19.1/tools/codes_split_file.c Examining data/eccodes-2.19.1/tools/bufr_dump.c Examining data/eccodes-2.19.1/tools/grib_copy.c Examining data/eccodes-2.19.1/tools/grib_ls.c Examining data/eccodes-2.19.1/tools/grib_get.c Examining data/eccodes-2.19.1/tools/wingetopt.h Examining data/eccodes-2.19.1/tools/wingetopt.c Examining data/eccodes-2.19.1/tools/test.c Examining data/eccodes-2.19.1/tools/bufr_split_by_rdbSubtype.c Examining data/eccodes-2.19.1/tools/metar_get.c Examining data/eccodes-2.19.1/tools/grib_set.c Examining data/eccodes-2.19.1/tools/gaussian.c Examining data/eccodes-2.19.1/tools/taf_get.c Examining data/eccodes-2.19.1/tools/taf_ls.c Examining data/eccodes-2.19.1/tools/compile.c Examining data/eccodes-2.19.1/tools/gts_copy.c Examining data/eccodes-2.19.1/tools/load.h Examining data/eccodes-2.19.1/tools/bufr_filter.c Examining data/eccodes-2.19.1/tools/grib_histogram.c Examining data/eccodes-2.19.1/tools/deprecated/grib_gen.c Examining data/eccodes-2.19.1/tools/deprecated/grib_convert.c Examining data/eccodes-2.19.1/tools/deprecated/grib_cmp.c Examining data/eccodes-2.19.1/tools/deprecated/dumpload.c Examining data/eccodes-2.19.1/tools/deprecated/grib_corruption_check.c Examining data/eccodes-2.19.1/tools/deprecated/grib_moments.c Examining data/eccodes-2.19.1/tools/deprecated/grib_keys.c Examining data/eccodes-2.19.1/tools/deprecated/grib_distance.c Examining data/eccodes-2.19.1/tools/deprecated/grib_points.c Examining 
data/eccodes-2.19.1/tools/deprecated/all_keys.c Examining data/eccodes-2.19.1/tools/deprecated/dump.c Examining data/eccodes-2.19.1/tools/deprecated/grib_error.c Examining data/eccodes-2.19.1/tools/deprecated/grib_debug.c Examining data/eccodes-2.19.1/tools/deprecated/grib_add.c Examining data/eccodes-2.19.1/tools/deprecated/grib_packing.c Examining data/eccodes-2.19.1/tools/deprecated/grib_diff.c Examining data/eccodes-2.19.1/tools/grib_index_build.c Examining data/eccodes-2.19.1/tools/grib_check_gaussian_grid.c Examining data/eccodes-2.19.1/tools/gts_get.c Examining data/eccodes-2.19.1/tools/bufr_3to4.c Examining data/eccodes-2.19.1/tools/load.c Examining data/eccodes-2.19.1/tools/taf_dump.c Examining data/eccodes-2.19.1/tools/grib_tools.h Examining data/eccodes-2.19.1/tools/grib_compare.c Examining data/eccodes-2.19.1/tools/grib_options.c Examining data/eccodes-2.19.1/tools/grib_to_netcdf.c Examining data/eccodes-2.19.1/tools/bufr_compare.c Examining data/eccodes-2.19.1/cmake/pymain.c Examining data/eccodes-2.19.1/fortran/grib_fortran_prototypes.h Examining data/eccodes-2.19.1/fortran/grib_api_externals.h Examining data/eccodes-2.19.1/fortran/grib_api_constants.h Examining data/eccodes-2.19.1/fortran/grib_api_visibility.h Examining data/eccodes-2.19.1/fortran/grib_fortran.c Examining data/eccodes-2.19.1/fortran/eccodes_visibility.h Examining data/eccodes-2.19.1/fortran/grib_fortran_kinds.c Examining data/eccodes-2.19.1/fortran/grib_f77.c Examining data/eccodes-2.19.1/fortran/eccodes_constants.h

FINAL RESULTS:

data/eccodes-2.19.1/src/grib_api_internal.h:99:9: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
#define chmod(path, mode) _chmod(path, mode)
data/eccodes-2.19.1/fortran/grib_fortran.c:1346:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(buf,"%s",grib_keys_iterator_get_name(kiter));
data/eccodes-2.19.1/fortran/grib_fortran.c:1435:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(buf,"%s",codes_bufr_keys_iterator_get_name(kiter));
data/eccodes-2.19.1/fortran/grib_fortran.c:3166:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(p,cval[i]);
data/eccodes-2.19.1/python/grib_interface.c:1020:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(buf, "%s", grib_keys_iterator_get_name(kiter));
data/eccodes-2.19.1/python/grib_interface.c:1089:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(buf, "%s", codes_bufr_keys_iterator_get_name(kiter));
data/eccodes-2.19.1/python/swig_wrap_numpy.c:662:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(r,name);
data/eccodes-2.19.1/python/swig_wrap_numpy.c:793:25: [4] (format) _snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
# define PyOS_snprintf _snprintf
data/eccodes-2.19.1/python/swig_wrap_numpy.c:795:25: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
# define PyOS_snprintf snprintf
data/eccodes-2.19.1/python/swig_wrap_numpy.c:812:9: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
res = vsnprintf(buf, sizeof(buf), fmt, ap);
data/eccodes-2.19.1/python/swig_wrap_numpy.c:3607:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
strcat(dims_str,s);
data/eccodes-2.19.1/python/swig_wrap_numpy.c:3610:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
strcat(dims_str,s);
data/eccodes-2.19.1/python/swig_wrap_numpy.c:3649:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
strcat(desired_dims,s);
data/eccodes-2.19.1/python/swig_wrap_numpy.c:3656:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
strcat(actual_dims,s);
data/eccodes-2.19.1/src/action_class_concept.c:244:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(buf, "%s/%s", masterDir, self->basename);
data/eccodes-2.19.1/src/action_class_concept.c:252:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(buf, "%s/%s", localDir, self->basename);
data/eccodes-2.19.1/src/action_class_concept.c:256:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(key, "%s%s", master, local);
data/eccodes-2.19.1/src/action_class_concept.c:357:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(exprVal, "%s", cval);
data/eccodes-2.19.1/src/action_class_concept.c:403:31: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
length += sprintf(result + length, "%s%s=%s",
data/eccodes-2.19.1/src/action_class_hash_array.c:246:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(buf, "%s/%s", masterDir, self->basename);
data/eccodes-2.19.1/src/action_class_hash_array.c:257:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(buf, "%s/%s", localDir, self->basename);
data/eccodes-2.19.1/src/action_class_hash_array.c:263:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(buf, "%s/%s", ecmfDir, self->basename);
data/eccodes-2.19.1/src/action_class_hash_array.c:267:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(key, "%s%s%s", master, local, ecmf);
data/eccodes-2.19.1/src/action_class_if.c:126:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(debug_info, "File=%s line=%d", file_being_parsed, lineno);
data/eccodes-2.19.1/src/action_class_section.c:112:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(debug_str, " (%s)", act->debug_info);
data/eccodes-2.19.1/src/action_class_set_missing.c:93:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(buf, "set_missing_%s", name);
data/eccodes-2.19.1/src/bufr_keys_iterator.c:133:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(kiter->prefix, "#%d#%s", *r, kiter->current->name);
data/eccodes-2.19.1/src/bufr_keys_iterator.c:149:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(prefix, kiter->prefix); /* strcpy and strcat here are much faster than sprintf */
data/eccodes-2.19.1/src/bufr_keys_iterator.c:151:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
strcat(prefix, kiter->attributes[i_curr_attribute]->name);
data/eccodes-2.19.1/src/bufr_keys_iterator.c:208:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(ret, kiter->prefix); /* strcpy and strcat here are much faster than sprintf */
data/eccodes-2.19.1/src/bufr_keys_iterator.c:210:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
strcat(ret, kiter->attributes[iattribute]->name);
data/eccodes-2.19.1/src/bufr_keys_iterator.c:217:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(ret, "#%d#%s", *r, kiter->current->name);
data/eccodes-2.19.1/src/bufr_keys_iterator.c:220:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(ret, kiter->current->name);
data/eccodes-2.19.1/src/bufr_util.c:52:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(s, "#2#%s", key);
data/eccodes-2.19.1/src/bufr_util.c:789:28: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
if (edition == 3) sprintf(full_path, "%s/common/c-1.table", defs_path);
data/eccodes-2.19.1/src/bufr_util.c:790:28: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
else if (edition == 4) sprintf(full_path, "%s/common/c-11.table", defs_path);
data/eccodes-2.19.1/src/bufr_util.c:870:20: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
*len = sprintf(val, "%s", centre_str);
data/eccodes-2.19.1/src/bufr_util.c:913:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(val, NOT_FOUND);
data/eccodes-2.19.1/src/bufr_util.c:919:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(val, NOT_FOUND);
data/eccodes-2.19.1/src/bufr_util.c:923:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(val, NOT_FOUND);
data/eccodes-2.19.1/src/bufr_util.c:925:20: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
*len = sprintf(val, "%s", bh->ident);
data/eccodes-2.19.1/src/bufr_util.c:931:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(val, NOT_FOUND);
data/eccodes-2.19.1/src/bufr_util.c:937:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(val, NOT_FOUND);
data/eccodes-2.19.1/src/bufr_util.c:943:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(val, NOT_FOUND);
data/eccodes-2.19.1/src/bufr_util.c:949:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(val, NOT_FOUND);
data/eccodes-2.19.1/src/bufr_util.c:955:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(val, NOT_FOUND);
data/eccodes-2.19.1/src/bufr_util.c:961:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(val, NOT_FOUND);
data/eccodes-2.19.1/src/bufr_util.c:967:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(val, NOT_FOUND);
data/eccodes-2.19.1/src/bufr_util.c:973:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(val, NOT_FOUND);
data/eccodes-2.19.1/src/bufr_util.c:979:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(val, NOT_FOUND);
data/eccodes-2.19.1/src/bufr_util.c:985:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(val, NOT_FOUND);
data/eccodes-2.19.1/src/bufr_util.c:991:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(val, NOT_FOUND);
data/eccodes-2.19.1/src/bufr_util.c:997:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(val, NOT_FOUND);
data/eccodes-2.19.1/src/bufr_util.c:1003:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(val, NOT_FOUND);
data/eccodes-2.19.1/src/bufr_util.c:1009:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(val, NOT_FOUND);
data/eccodes-2.19.1/src/bufr_util.c:1015:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(val, NOT_FOUND);
data/eccodes-2.19.1/src/bufr_util.c:1021:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(val, NOT_FOUND);
data/eccodes-2.19.1/src/bufr_util.c:1027:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(val, NOT_FOUND);
data/eccodes-2.19.1/src/bufr_util.c:1033:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(val, NOT_FOUND);
data/eccodes-2.19.1/src/bufr_util.c:1039:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(val, NOT_FOUND);
data/eccodes-2.19.1/src/bufr_util.c:1045:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(val, NOT_FOUND);
data/eccodes-2.19.1/src/bufr_util.c:1051:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(val, NOT_FOUND);
data/eccodes-2.19.1/src/bufr_util.c:1057:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(val, NOT_FOUND);
data/eccodes-2.19.1/src/bufr_util.c:1063:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(val, NOT_FOUND);
data/eccodes-2.19.1/src/bufr_util.c:1069:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(val, NOT_FOUND);
data/eccodes-2.19.1/src/bufr_util.c:1075:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(val, NOT_FOUND);
data/eccodes-2.19.1/src/bufr_util.c:1081:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(val, NOT_FOUND);
data/eccodes-2.19.1/src/bufr_util.c:1087:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(val, NOT_FOUND);
data/eccodes-2.19.1/src/codes_memfs.c:38:16: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
return access(name, mode);
data/eccodes-2.19.1/src/codes_memfs.c:45:12: [4] (race) access: This usually indicates a security flaw.
If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
return access(name, mode);
data/eccodes-2.19.1/src/codes_memfs.c:57:12: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
return access(name, mode);
data/eccodes-2.19.1/src/deprecated/grib_accessor_class_bufr_data.c:480:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(buf,"%sUnits",self->abbreviation[i]);
data/eccodes-2.19.1/src/deprecated/grib_accessor_class_bufr_data.c:734:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(name,"%sOf-%s",self->abbreviation[i],self->abbreviation[indexOfReferringElement]);
data/eccodes-2.19.1/src/grib_accessor_class_bufr_data_element.c:366:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(val, sval);
data/eccodes-2.19.1/src/grib_accessor_class_bufr_data_element.c:408:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(val, str);
data/eccodes-2.19.1/src/grib_accessor_class_bufr_elements_table.c:216:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(name, "%s/%s", masterDir, self->dictionary);
data/eccodes-2.19.1/src/grib_accessor_class_bufr_elements_table.c:227:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(localName, "%s/%s", localDir, self->dictionary);
data/eccodes-2.19.1/src/grib_accessor_class_bufr_elements_table.c:230:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(dictName, "%s:%s", localFilename, filename);
data/eccodes-2.19.1/src/grib_accessor_class_bufr_elements_table.c:233:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(dictName, "%s", filename);
data/eccodes-2.19.1/src/grib_accessor_class_bufr_elements_table.c:367:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(v->shortName, list[1]);
data/eccodes-2.19.1/src/grib_accessor_class_bufr_elements_table.c:370:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(v->units, list[4]);
data/eccodes-2.19.1/src/grib_accessor_class_bufr_extract_datetime_subsets.c:212:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(keystr, "#%ld#%s", i + 1, key);
data/eccodes-2.19.1/src/grib_accessor_class_codeflag.c:182:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(codename, self->tablename);
data/eccodes-2.19.1/src/grib_accessor_class_codeflag.c:216:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
strcat(codename, self->tablename);
data/eccodes-2.19.1/src/grib_accessor_class_codetable.c:317:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(name, "%s/%s", masterDir, self->tablename);
data/eccodes-2.19.1/src/grib_accessor_class_codetable.c:328:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(localName, "%s/%s", localDir, self->tablename);
data/eccodes-2.19.1/src/grib_accessor_class_codetable.c:572:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(comment, table->entries[value].title);
data/eccodes-2.19.1/src/grib_accessor_class_codetable.c:574:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(comment, "%s", table->entries[value].title);
data/eccodes-2.19.1/src/grib_accessor_class_codetable.c:578:17: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
strcat(comment, table->entries[value].units);
data/eccodes-2.19.1/src/grib_accessor_class_codetable.c:592:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
strcat(comment, table->recomposed_name[0]);
data/eccodes-2.19.1/src/grib_accessor_class_codetable.c:595:13: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
strcat(comment, table->recomposed_name[1]);
data/eccodes-2.19.1/src/grib_accessor_class_codetable.c:624:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(tmp, table->entries[value].abbreviation);
data/eccodes-2.19.1/src/grib_accessor_class_codetable.c:641:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(buffer, tmp);
data/eccodes-2.19.1/src/grib_accessor_class_codetable_title.c:181:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(tmp, table->entries[value].title);
data/eccodes-2.19.1/src/grib_accessor_class_codetable_title.c:198:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(buffer, tmp);
data/eccodes-2.19.1/src/grib_accessor_class_codetable_units.c:180:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(tmp, table->entries[value].units);
data/eccodes-2.19.1/src/grib_accessor_class_codetable_units.c:193:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(buffer, tmp);
data/eccodes-2.19.1/src/grib_accessor_class_concept.c:633:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(val, p); /* NOLINT: CWE-119 clang-analyzer-security.insecureAPI.strcpy */
data/eccodes-2.19.1/src/grib_accessor_class_dictionary.c:187:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(name, "%s/%s", masterDir, self->dictionary);
data/eccodes-2.19.1/src/grib_accessor_class_dictionary.c:198:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(localName, "%s/%s", localDir, self->dictionary);
data/eccodes-2.19.1/src/grib_accessor_class_dictionary.c:201:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(dictName, "%s:%s", localFilename, filename);
data/eccodes-2.19.1/src/grib_accessor_class_dictionary.c:204:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(dictName, "%s", filename);
data/eccodes-2.19.1/src/grib_accessor_class_double.c:166:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(v, repres);
data/eccodes-2.19.1/src/grib_accessor_class_g1date.c:286:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(tmp, months[month - 1]);
data/eccodes-2.19.1/src/grib_accessor_class_g1date.c:289:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120).
Use sprintf_s, snprintf, or vsnprintf. sprintf(tmp, "%s-%02ld", months[month - 1], day); data/eccodes-2.19.1/src/grib_accessor_class_g1date.c:304:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(val, tmp); data/eccodes-2.19.1/src/grib_accessor_class_g1day_of_the_year_date.c:190:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(val, tmp); data/eccodes-2.19.1/src/grib_accessor_class_g1fcperiod.c:162:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(val, tmp); /* NOLINT: CWE-119 clang-analyzer-security.insecureAPI.strcpy */ data/eccodes-2.19.1/src/grib_accessor_class_g1step_range.c:691:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buff, "%ld-%s", *val, ++p); data/eccodes-2.19.1/src/grib_accessor_class_g1step_range.c:695:21: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buff, "%ld-%s", *val, sval); data/eccodes-2.19.1/src/grib_accessor_class_g1step_range.c:711:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buff, "%s-%ld", sval, *val); data/eccodes-2.19.1/src/grib_accessor_class_g1step_range.c:715:21: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(buff, "%s-%ld", sval, *val); data/eccodes-2.19.1/src/grib_accessor_class_gaussian_grid_name.c:193:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(v, tmp); data/eccodes-2.19.1/src/grib_accessor_class_getenv.c:171:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(val, "%s", self->value); data/eccodes-2.19.1/src/grib_accessor_class_label.c:159:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(val, a->name); data/eccodes-2.19.1/src/grib_accessor_class_library_version.c:144:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(val, result); data/eccodes-2.19.1/src/grib_accessor_class_long.c:172:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(v, repres); data/eccodes-2.19.1/src/grib_accessor_class_lookup.c:182:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s %lu %ld-%ld", msg, v, (long)a->offset + self->loffset, (long)self->llength); data/eccodes-2.19.1/src/grib_accessor_class_mars_step.c:164:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s", val); data/eccodes-2.19.1/src/grib_accessor_class_mars_step.c:166:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(buf, "0-%s", val); data/eccodes-2.19.1/src/grib_accessor_class_mars_step.c:197:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(val, buf); data/eccodes-2.19.1/src/grib_accessor_class_mars_step.c:201:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(val, ++p); data/eccodes-2.19.1/src/grib_accessor_class_offset_file.c:171:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(v, repres); data/eccodes-2.19.1/src/grib_accessor_class_proj_string.c:198:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(result, "+proj=latlong %s", shape); data/eccodes-2.19.1/src/grib_accessor_class_proj_string.c:236:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(result, "+proj=lcc +lon_0=%lf +lat_0=%lf +lat_1=%lf +lat_2=%lf %s", data/eccodes-2.19.1/src/grib_accessor_class_proj_string.c:253:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(result, "+proj=laea +lon_0=%lf +lat_0=%lf %s", data/eccodes-2.19.1/src/grib_accessor_class_proj_string.c:275:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(result, "+proj=stere +lat_ts=%lf +lat_0=%s +lon_0=%lf +k_0=1 +x_0=0 +y_0=0 %s", data/eccodes-2.19.1/src/grib_accessor_class_proj_string.c:290:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(result, "+proj=merc +lat_ts=%lf +lat_0=0 +lon_0=0 +x_0=0 +y_0=0 %s", data/eccodes-2.19.1/src/grib_accessor_class_round.c:182:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(val, "%s", result); data/eccodes-2.19.1/src/grib_accessor_class_sexagesimal2decimal.c:266:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(val, buff); data/eccodes-2.19.1/src/grib_accessor_class_smart_table.c:252:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(name, "%s/%s", masterDir, self->tablename); data/eccodes-2.19.1/src/grib_accessor_class_smart_table.c:262:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(localName, "%s/%s", localDir, self->tablename); data/eccodes-2.19.1/src/grib_accessor_class_smart_table.c:268:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(extraTable, "%s/%s", extraDir, self->extraTable); data/eccodes-2.19.1/src/grib_accessor_class_smart_table.c:452:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tmp, table->entries[value].abbreviation); data/eccodes-2.19.1/src/grib_accessor_class_smart_table.c:465:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buffer, tmp); data/eccodes-2.19.1/src/grib_accessor_class_smart_table_column.c:227:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tmp, table->entries[code[i]].column[self->index]); data/eccodes-2.19.1/src/grib_accessor_class_sprintf.c:163:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(result, "%s", ""); data/eccodes-2.19.1/src/grib_accessor_class_sprintf.c:189:25: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tempBuffer, "%sMISSING", result); data/eccodes-2.19.1/src/grib_accessor_class_sprintf.c:190:25: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(result, tempBuffer); data/eccodes-2.19.1/src/grib_accessor_class_sprintf.c:195:29: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tempBuffer, "%s%.*ld", result, precision, ires); data/eccodes-2.19.1/src/grib_accessor_class_sprintf.c:196:29: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(result, tempBuffer); data/eccodes-2.19.1/src/grib_accessor_class_sprintf.c:199:29: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tempBuffer, "%s%ld", result, ires); data/eccodes-2.19.1/src/grib_accessor_class_sprintf.c:200:29: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(result, tempBuffer); data/eccodes-2.19.1/src/grib_accessor_class_sprintf.c:209:21: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(tempBuffer, "%s%g", result, dres); data/eccodes-2.19.1/src/grib_accessor_class_sprintf.c:210:21: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(result, tempBuffer); data/eccodes-2.19.1/src/grib_accessor_class_sprintf.c:218:21: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tempBuffer, "%s%s", result, sres); data/eccodes-2.19.1/src/grib_accessor_class_sprintf.c:219:21: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(result, tempBuffer); data/eccodes-2.19.1/src/grib_accessor_class_sprintf.c:224:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tempBuffer, "%s%c", result, uname[i]); data/eccodes-2.19.1/src/grib_accessor_class_sprintf.c:225:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(result, tempBuffer); data/eccodes-2.19.1/src/grib_accessor_class_sprintf.c:237:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(val, "%s", result); data/eccodes-2.19.1/src/grib_accessor_class_trim.c:165:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(val, "%s", pInput); data/eccodes-2.19.1/src/grib_accessor_class_trim.c:190:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(buf, "%s", val); data/eccodes-2.19.1/src/grib_accessor_class_variable.c:320:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(val, p); data/eccodes-2.19.1/src/grib_api_internal.h:67:22: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define ecc_snprintf snprintf data/eccodes-2.19.1/src/grib_api_internal.h:98:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. #define access(path, mode) _access(path, mode) data/eccodes-2.19.1/src/grib_api_internal.h:103:22: [4] (format) _snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define ecc_snprintf _snprintf data/eccodes-2.19.1/src/grib_bits_ibmpow_opt.c:187:21: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define Error(x, y) fprintf(stderr, x, y) data/eccodes-2.19.1/src/grib_bufr_descriptor.c:38:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(cd->shortName, d->shortName); data/eccodes-2.19.1/src/grib_bufr_descriptor.c:39:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(cd->units, d->units); data/eccodes-2.19.1/src/grib_bufr_descriptor.c:75:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(v->shortName,d->shortName); data/eccodes-2.19.1/src/grib_bufr_descriptor.c:76:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(v->units,d->units); data/eccodes-2.19.1/src/grib_context.c:474:21: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buffer, default_grib_context.grib_definition_files_path); data/eccodes-2.19.1/src/grib_context.c:477:17: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(buffer, test_defs); data/eccodes-2.19.1/src/grib_context.c:484:21: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buffer, default_grib_context.grib_samples_path); data/eccodes-2.19.1/src/grib_context.c:487:17: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
strcat(buffer, test_samp); data/eccodes-2.19.1/src/grib_context.c:714:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(full, "%s/%s", dir->value, basename); data/eccodes-2.19.1/src/grib_context.c:878:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(dup, s); data/eccodes-2.19.1/src/grib_context.c:925:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(dup, s); data/eccodes-2.19.1/src/grib_context.c:1021:9: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. vsprintf(msg, fmt, list); data/eccodes-2.19.1/src/grib_context.c:1030:13: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(msg, strerror(errsv)); data/eccodes-2.19.1/src/grib_context.c:1035:17: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(msg, sys_errlist[errsv]); data/eccodes-2.19.1/src/grib_context.c:1052:5: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. vsprintf(msg, fmt, list); data/eccodes-2.19.1/src/grib_context.c:1208:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(buffer, "ecCodes assertion failed: `%s' in %s:%d", message, file, line); data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_C.c:218:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prefix, "#%d#%s", r, a->name); data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_C.c:279:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prefix1, "%s->%s", prefix, a->name); data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_C.c:316:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prefix, "#%d#%s", r, a->name); data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_C.c:366:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prefix, "#%d#%s", r, a->name); data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_C.c:422:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prefix1, "%s->%s", prefix, a->name); data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_C.c:470:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prefix, "#%d#%s", r, a->name); data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_C.c:534:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prefix, "#%d#%s", r, a->name); data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_C.c:595:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prefix, "#%d#%s", r, a->name); data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_filter.c:198:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(prefix, "#%d#%s", r, a->name); data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_filter.c:244:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prefix1, "%s->%s", prefix, a->name); data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_filter.c:281:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prefix, "#%d#%s", r, a->name); data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_filter.c:324:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prefix, "#%d#%s", r, a->name); data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_filter.c:351:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prefix1, "%s->%s", prefix, a->name); data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_filter.c:396:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prefix, "#%d#%s", r, a->name); data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_filter.c:449:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prefix, "#%d#%s", r, a->name); data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_filter.c:509:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prefix, "#%d#%s", r, a->name); data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_fortran.c:201:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prefix, "#%d#%s", r, a->name); data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_fortran.c:249:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(prefix1, "%s->%s", prefix, a->name); data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_fortran.c:286:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prefix, "#%d#%s", r, a->name); data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_fortran.c:331:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prefix, "#%d#%s", r, a->name); data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_fortran.c:381:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prefix1, "%s->%s", prefix, a->name); data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_fortran.c:425:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prefix, "#%d#%s", r, a->name); data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_fortran.c:478:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prefix, "#%d#%s", r, a->name); data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_fortran.c:538:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prefix, "#%d#%s", r, a->name); data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_python.c:211:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prefix, "#%d#%s", r, a->name); data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_python.c:265:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prefix1, "%s->%s", prefix, a->name); data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_python.c:302:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(prefix, "#%d#%s", r, a->name); data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_python.c:345:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prefix, "#%d#%s", r, a->name); data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_python.c:393:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prefix1, "%s->%s", prefix, a->name); data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_python.c:441:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prefix, "#%d#%s", r, a->name); data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_python.c:491:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prefix, "#%d#%s", r, a->name); data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_python.c:549:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prefix, "#%d#%s", r, a->name); data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_C.c:253:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prefix, "#%d#%s", r, a->name); data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_C.c:337:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prefix1, "%s->%s", prefix, a->name); data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_C.c:388:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prefix, "#%d#%s", r, a->name); data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_C.c:476:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(prefix, "#%d#%s", r, a->name); data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_C.c:555:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prefix1, "%s->%s", prefix, a->name); data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_C.c:601:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prefix, "#%d#%s", r, a->name); data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_C.c:666:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prefix, "#%d#%s", r, a->name); data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_C.c:738:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prefix, "#%d#%s", r, acc_name); data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_filter.c:230:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prefix, "#%d#%s", r, a->name); data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_filter.c:304:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prefix1, "%s->%s", prefix, a->name); data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_filter.c:343:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prefix, "#%d#%s", r, a->name); data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_filter.c:413:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prefix, "#%d#%s", r, a->name); data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_filter.c:486:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(prefix1, "%s->%s", prefix, a->name); data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_filter.c:533:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prefix, "#%d#%s", r, a->name); data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_filter.c:606:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prefix, "#%d#%s", r, a->name); data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_filter.c:677:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prefix, "#%d#%s", r, a->name); data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_fortran.c:195:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(result, input); data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_fortran.c:207:13: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(result, a_token); data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_fortran.c:211:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tmp, "->&\n &%s", a_token); data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_fortran.c:212:13: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(result, tmp); data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_fortran.c:301:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(prefix, "#%d#%s", r, a->name);
data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_fortran.c:385:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prefix1, "%s->%s", prefix, a->name);
data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_fortran.c:436:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prefix, "#%d#%s", r, a->name);
data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_fortran.c:523:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prefix, "#%d#%s", r, a->name);
data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_fortran.c:606:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prefix1, "%s->%s", pref, a->name);
data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_fortran.c:653:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prefix, "#%d#%s", r, a->name);
data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_fortran.c:720:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prefix, "#%d#%s", r, a->name);
data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_fortran.c:792:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prefix, "#%d#%s", r, acc_name);
data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_python.c:254:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prefix, "#%d#%s", r, a->name);
data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_python.c:338:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prefix1, "%s->%s", prefix, a->name);
data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_python.c:388:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prefix, "#%d#%s", r, a->name);
data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_python.c:476:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prefix, "#%d#%s", r, a->name);
data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_python.c:554:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prefix1, "%s->%s", prefix, a->name);
data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_python.c:600:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prefix, "#%d#%s", r, a->name);
data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_python.c:664:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prefix, "#%d#%s", r, a->name);
data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_python.c:735:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prefix, "#%d#%s", r, acc_name);
data/eccodes-2.19.1/src/grib_dumper_class_bufr_simple.c:228:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prefix, "#%d#%s", r, a->name);
data/eccodes-2.19.1/src/grib_dumper_class_bufr_simple.c:303:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prefix1, "%s->%s", prefix, a->name);
data/eccodes-2.19.1/src/grib_dumper_class_bufr_simple.c:351:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prefix, "#%d#%s", r, a->name);
data/eccodes-2.19.1/src/grib_dumper_class_bufr_simple.c:430:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prefix, "#%d#%s", r, a->name);
data/eccodes-2.19.1/src/grib_dumper_class_bufr_simple.c:504:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prefix1, "%s->%s", prefix, a->name);
data/eccodes-2.19.1/src/grib_dumper_class_bufr_simple.c:553:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prefix, "#%d#%s", r, a->name);
data/eccodes-2.19.1/src/grib_dumper_class_bufr_simple.c:617:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prefix, "#%d#%s", r, a->name);
data/eccodes-2.19.1/src/grib_dumper_class_bufr_simple.c:683:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prefix, "#%d#%s", r, acc_name);
data/eccodes-2.19.1/src/grib_dumper_class_default.c:678:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tmp, "%s ( length=%ld, padding=%ld )", upper, (long)s->length, (long)s->padding);
data/eccodes-2.19.1/src/grib_dumper_class_grib_encode_C.c:189:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(buf, comment);
data/eccodes-2.19.1/src/grib_dumper_class_grib_encode_C.c:329:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(stype, "%s", "long");
data/eccodes-2.19.1/src/grib_dumper_class_grib_encode_C.c:332:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(stype, "%s", "double");
data/eccodes-2.19.1/src/grib_dumper_class_serialize.c:399:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(self->dumper.out, values_format, buf[k]);
data/eccodes-2.19.1/src/grib_dumper_class_wmo.c:541:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tmp, "%s ( length=%ld, padding=%ld )", upper, (long)s->length, (long)s->padding);
data/eccodes-2.19.1/src/grib_index.c:1024:21: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(buf, GRIB_KEY_UNDEF);
data/eccodes-2.19.1/src/grib_index.c:1029:21: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(buf, GRIB_KEY_UNDEF);
data/eccodes-2.19.1/src/grib_index.c:1036:21: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(buf, GRIB_KEY_UNDEF);
data/eccodes-2.19.1/src/grib_index.c:1050:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(keys->value, "%s", buf);
data/eccodes-2.19.1/src/grib_index.c:1159:25: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(buf, GRIB_KEY_UNDEF);
data/eccodes-2.19.1/src/grib_index.c:1164:25: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(buf, GRIB_KEY_UNDEF);
data/eccodes-2.19.1/src/grib_index.c:1171:25: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(buf, GRIB_KEY_UNDEF);
data/eccodes-2.19.1/src/grib_index.c:1336:42: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
if (err==GRIB_NOT_FOUND) sprintf(buf,GRIB_KEY_UNDEF);
data/eccodes-2.19.1/src/grib_index.c:1340:42: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. if (err==GRIB_NOT_FOUND) sprintf(buf,GRIB_KEY_UNDEF);
data/eccodes-2.19.1/src/grib_index.c:1345:42: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. if (err==GRIB_NOT_FOUND) sprintf(buf,GRIB_KEY_UNDEF);
data/eccodes-2.19.1/src/grib_index.c:1630:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(key->value, "%s", value);
data/eccodes-2.19.1/src/grib_index.c:1953:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(ki->value, "%s", ks->value);
data/eccodes-2.19.1/src/grib_parse_utils.c:147:21: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(pc, val);
data/eccodes-2.19.1/src/grib_parse_utils.c:224:17: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(out, myformat, dval[0]);
data/eccodes-2.19.1/src/grib_parse_utils.c:230:21: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(out, myformat, dval[i]);
data/eccodes-2.19.1/src/grib_parse_utils.c:265:17: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(out, myformat, lval[0]);
data/eccodes-2.19.1/src/grib_parse_utils.c:271:21: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(out, myformat, lval[i]);
data/eccodes-2.19.1/src/grib_parse_utils.c:365:17: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(out, myformat, dval[0]);
data/eccodes-2.19.1/src/grib_parse_utils.c:371:21: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(out, myformat, dval[i]);
data/eccodes-2.19.1/src/grib_parse_utils.c:390:17: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(out, myformat, lval[0]);
data/eccodes-2.19.1/src/grib_parse_utils.c:396:21: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(out, myformat, lval[i]);
data/eccodes-2.19.1/src/grib_parse_utils.c:680:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buffer, "Cannot include file: '%s'", parse_file);
data/eccodes-2.19.1/src/grib_query.c:203:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(str, endCondition + 1);
data/eccodes-2.19.1/src/grib_query.c:565:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(attribute_name, p);
data/eccodes-2.19.1/src/grib_templates.c:58:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(path, "%s/%s.tmpl", dir, name);
data/eccodes-2.19.1/src/grib_templates.c:86:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(path, "%s/%s.tmpl", dir, name);
data/eccodes-2.19.1/src/grib_templates.c:112:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(path, "%s/%s.tmpl", dir, name);
data/eccodes-2.19.1/src/grib_timer.c:63:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(text, "%s%s%s%s%s", pfx, day, hou, min, sec);
data/eccodes-2.19.1/src/grib_timer.c:169:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%.2f %s", x, names[n]);
data/eccodes-2.19.1/src/grib_timer.c:180:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cpu, "cpu: %s", timename(t->total_cpu_));
data/eccodes-2.19.1/src/grib_timer.c:185:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(bytes, "%sbyte(s)", bytename(t->total_));
data/eccodes-2.19.1/src/grib_timer.c:208:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(bytes, "%sbyte(s)", bytename(ptotal));
data/eccodes-2.19.1/src/grib_util.c:1111:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(name, "%s_pl_%ld_grib%ld", grid_type, spec->N, editionNumber);
data/eccodes-2.19.1/src/grib_util.c:1114:21: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(name, "%s_pl_grib%ld", grid_type, editionNumber);
data/eccodes-2.19.1/src/grib_util.c:1133:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(name, "%s_pl_grib%ld", grid_type, editionNumber);
data/eccodes-2.19.1/src/grib_util.c:1142:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(name, "%s_grib%ld", spec->grid_name, editionNumber);
data/eccodes-2.19.1/src/grib_util.c:1936:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy((char*)values[i].name, p);
data/eccodes-2.19.1/src/grib_yacc.c:1718:21: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. # define YYFPRINTF fprintf
data/eccodes-2.19.1/tests/grib_bpv_limit.c:92:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(error_msg, "Error decoding when bpv=%d. Error message:%s", i, grib_get_error_message(err));
data/eccodes-2.19.1/tests/grib_bpv_limit.c:112:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(error_msg, "Error decoding when bpv=%d. Error message:%s", i, grib_get_error_message(err));
data/eccodes-2.19.1/tests/grib_ccsds_perf.c:153:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(shortName, "%s%ld", param, level);
data/eccodes-2.19.1/tests/grib_ccsds_perf.c:156:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(shortName, "%s", param);
data/eccodes-2.19.1/tests/grib_ccsds_perf.c:217:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(outfilename, "%s_%s_%ld_simple.grib2", param, gridType, bitsPerValue);
data/eccodes-2.19.1/tests/grib_ccsds_perf.c:239:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(outfilename, "%s_%s_%ld_ccsds.grib2", param, gridType, bitsPerValue);
data/eccodes-2.19.1/tests/grib_lam_bf.c:767:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(f, "lam_bf_%s_%s.grib", grids[igrid], trunc[itrunc].name);
data/eccodes-2.19.1/tests/grib_lam_bf.c:792:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(f, "lam_bf_%s_%s.grib", grids[igrid], trunc[itrunc].name);
data/eccodes-2.19.1/tests/grib_lam_gp.c:918:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(f, "lam_gp_%s.grib", grids[igrid]);
data/eccodes-2.19.1/tests/grib_lam_gp.c:941:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(f, "lam_gp_%s.grib", grids[igrid]);
data/eccodes-2.19.1/tests/gribex_perf.c:336:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(shortName,"%s%ld",param,level);
data/eccodes-2.19.1/tests/gribex_perf.c:338:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(shortName,"%s",param);
data/eccodes-2.19.1/tests/gribex_perf.c:392:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(outfilename,"%s_%s_%ld_%ld_simple.grib1",param,gridType,bitsPerValue,(long)nvalues);
data/eccodes-2.19.1/tests/gribex_perf.c:418:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(outfilename,"%s_%s_%ld_%ld_so.grib1",param,gridType,bitsPerValue,(long)nvalues);
data/eccodes-2.19.1/tests/jpeg_perf.c:139:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(shortName, "%s%ld", param, level);
data/eccodes-2.19.1/tests/jpeg_perf.c:142:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(shortName, "%s", param);
data/eccodes-2.19.1/tests/jpeg_perf.c:203:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(outfilename, "%s_%s_%ld_simple.grib2", param, gridType, bitsPerValue);
data/eccodes-2.19.1/tests/jpeg_perf.c:225:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(outfilename, "%s_%s_%ld_jpeg.grib2", param, gridType, bitsPerValue);
data/eccodes-2.19.1/tests/png_perf.c:139:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(shortName, "%s%ld", param, level);
data/eccodes-2.19.1/tests/png_perf.c:142:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(shortName, "%s", param);
data/eccodes-2.19.1/tests/png_perf.c:203:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(outfilename, "%s_%s_%ld_simple.grib2", param, gridType, bitsPerValue);
data/eccodes-2.19.1/tests/png_perf.c:225:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(outfilename, "%s_%s_%ld_png.grib2", param, gridType, bitsPerValue);
data/eccodes-2.19.1/tests/so_perf.c:345:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(shortName,"%s%ld",param,level);
data/eccodes-2.19.1/tests/so_perf.c:347:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(shortName,"%s",param);
data/eccodes-2.19.1/tests/so_perf.c:405:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(outfilename,"%s_%s_%ld_%ld_simple.grib1",param,gridType,bitsPerValue,(long)nvalues);
data/eccodes-2.19.1/tests/so_perf.c:447:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(outfilename,"%s_%s_%ld_%ld_so.grib1",param,gridType,bitsPerValue,(long)nvalues);
data/eccodes-2.19.1/tests/tests.ecmwf/compare.c:820:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf,"/vol/dataserv/grib_samples/problems/%s_%s_%d.grib",q,name,field);
data/eccodes-2.19.1/tests/tests.ecmwf/compatibility_ex.c:21:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(ofname,"%s.dump",fname);
data/eccodes-2.19.1/tests/tests.ecmwf/request.c:126:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(name,p->name);
data/eccodes-2.19.1/tests/tests.ecmwf/request.c:129:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(value,p->values->name);
data/eccodes-2.19.1/tests/tests.ecmwf/request.c:165:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(nam,"mars.%s",name);
data/eccodes-2.19.1/tests/tests.ecmwf/request.c:187:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(nam,"mars.%s",name);
data/eccodes-2.19.1/tests/tests.ecmwf/sample.c:86:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(fname,val);
data/eccodes-2.19.1/tests/tests.ecmwf/sample.c:91:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(fname,ext);
data/eccodes-2.19.1/tests/tests.ecmwf/sample.c:93:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if(access(fname,F_OK) != 0)
data/eccodes-2.19.1/tests/tests.ecmwf/sample.c:122:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(fname,"%s/%s=%s.%s",
data/eccodes-2.19.1/tests/tests.ecmwf/sample.c:128:8: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if(access(fname,F_OK) != 0)
data/eccodes-2.19.1/tests/values_to_ascii.c:49:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(format, argv[2]);
data/eccodes-2.19.1/tests/values_to_ascii.c:71:13: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(format, values[i]);
data/eccodes-2.19.1/tigge/tigge_name.c:90:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(wmo_name,"z_tigge_c_%s_%08ld%04ld00_%s_%s_%s_%s_%04ld_%03ld_%04ld_%s.grib",
data/eccodes-2.19.1/tigge/tigge_split.c:39:13: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. # define access(path,mode) _access(path,mode)
data/eccodes-2.19.1/tigge/tigge_split.c:146:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(wmo_name,"z_tigge_c_%s_%08ld%04ld00_%s_%s_%s_%s_%04ld_%03ld_%04ld_%s.grib",
data/eccodes-2.19.1/tigge/tigge_split.c:165:12: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if(access(wmo_name,F_OK) == 0)
data/eccodes-2.19.1/tigge/tigge_tools.c:40:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tmp,"%s/%s",name,e->d_name);
data/eccodes-2.19.1/tigge/tigge_tools.c:56:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tmp, "%s/*", name);
data/eccodes-2.19.1/tigge/tigge_tools.c:61:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tmp, "%s/%s", name, fileinfo.name);
data/eccodes-2.19.1/tools/bufr_compare.c:138:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(fname, "%s_%d.bufr", str, write_count);
data/eccodes-2.19.1/tools/bufr_compare.c:407:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(bufr, "%s%c%s",
data/eccodes-2.19.1/tools/bufr_compare.c:1226:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(fullname, "%s->%s", prefix, a->name);
data/eccodes-2.19.1/tools/bufr_compare.c:1293:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prefix, "#%d#%s", rank, xa->name);
data/eccodes-2.19.1/tools/bufr_dump.c:234:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tmp, "FILE: %s ", options->current_infile->name);
data/eccodes-2.19.1/tools/bufr_split_by_rdbSubtype.c:122:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(ofilename, "%s", OUTPUT_FILENAME_DEFAULT); /*default name*/
data/eccodes-2.19.1/tools/bufr_split_by_rdbSubtype.c:135:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(ofilename, "%s", OUTPUT_FILENAME_DEFAULT);
data/eccodes-2.19.1/tools/bufr_split_by_rdbSubtype.c:137:17: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
sprintf(ofilename, OUTPUT_FILENAME_SUBTYPE, rdbSubtype);
data/eccodes-2.19.1/tools/codes_split_file.c:61:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(ofilename, OUTPUT_FILENAME_FORMAT, filename, i);
data/eccodes-2.19.1/tools/codes_split_file.c:90:17: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(ofilename, OUTPUT_FILENAME_FORMAT, filename, i);
data/eccodes-2.19.1/tools/compile.c:87:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(l->name, name);
data/eccodes-2.19.1/tools/compile.c:88:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(l->path, path);
data/eccodes-2.19.1/tools/deprecated/grib_keys.c:58:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf,"%s", files[i]->d_name);
data/eccodes-2.19.1/tools/deprecated/grib_keys.c:88:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(name,"%s",grib_options_get_option("T:"));
data/eccodes-2.19.1/tools/deprecated/grib_keys.c:96:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(name,"%s",grib_options_get_option("F:"));
data/eccodes-2.19.1/tools/grib_2_request.c:47:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(name, grib_keys_iterator_get_name(ks));
data/eccodes-2.19.1/tools/grib_2_request.c:49:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tmp, "mars.%s", name);
data/eccodes-2.19.1/tools/grib_check_gaussian_grid.c:54:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, " Error: %s", fmt); /* indent a bit */
data/eccodes-2.19.1/tools/grib_check_gaussian_grid.c:56:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "Error: %s #%d: %s", filename, msg_num, fmt);
data/eccodes-2.19.1/tools/grib_check_gaussian_grid.c:57:5: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(stderr, buf, list);
data/eccodes-2.19.1/tools/grib_compare.c:338:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(bufr, "%s%c%s",
data/eccodes-2.19.1/tools/grib_dump.c:135:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tmp, "FILE: %s ", options->current_infile->name);
data/eccodes-2.19.1/tools/grib_get_data.c:220:17: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(dump_file, format, data_values[i]);
data/eccodes-2.19.1/tools/grib_get_data.c:241:17: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(dump_file, format, data_values[i]);
data/eccodes-2.19.1/tools/grib_get_data.c:333:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(value, notfound);
data/eccodes-2.19.1/tools/grib_merge.c:352:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(fname, "_%s.orig.grib", md5);
data/eccodes-2.19.1/tools/grib_merge.c:364:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(fname, "_%s.merge.grib", md5);
data/eccodes-2.19.1/tools/grib_options.c:408:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(err, "%s%c\n", msg, *id);
data/eccodes-2.19.1/tools/grib_options.c:434:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(err, "%s%c\n", msg, *id);
data/eccodes-2.19.1/tools/grib_to_netcdf.c:392:5: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. vsprintf(buffer, fmt, list);
data/eccodes-2.19.1/tools/grib_to_netcdf.c:539:5: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. vsprintf(buffer, fmt, list);
data/eccodes-2.19.1/tools/grib_to_netcdf.c:560:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(name, grib_keys_iterator_get_name(ks));
data/eccodes-2.19.1/tools/grib_to_netcdf.c:3036:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(u, "months since %s 00:00:00.0", ymd);
data/eccodes-2.19.1/tools/grib_to_netcdf.c:3157:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(par, "%s", (p->name)); data/eccodes-2.19.1/tools/grib_to_netcdf.c:3161:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(val, "%s", (p->values->name)); data/eccodes-2.19.1/tools/grib_to_netcdf.c:3188:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(history, "%s", setup.history); data/eccodes-2.19.1/tools/grib_to_netcdf.c:3197:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(history, "%s by grib_to_netcdf-%d.%d.%d: %s", timestamp, major, minor, revision, argvString); data/eccodes-2.19.1/tools/grib_to_netcdf.c:3462:29: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(metapath, "%s/%s", metadata_dir ? metadata_dir : ".", metafile); data/eccodes-2.19.1/tools/grib_to_netcdf.c:3470:29: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(att->name, pname); data/eccodes-2.19.1/tools/grib_to_netcdf.c:3487:17: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(att->name, val); data/eccodes-2.19.1/tools/grib_to_netcdf.c:3496:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s_%s", (val ? val : "p"), att->name); data/eccodes-2.19.1/tools/grib_to_netcdf.c:3497:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(att->name, buf); data/eccodes-2.19.1/tools/grib_to_netcdf.c:3975:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(argvString, argv[i]); data/eccodes-2.19.1/tools/grib_tools.c:590:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s/%s", dir, s->d_name); data/eccodes-2.19.1/tools/grib_tools.c:603:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buffer, "%s/*", dir); data/eccodes-2.19.1/tools/grib_tools.c:608:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s/%s", dir, fileinfo.name); data/eccodes-2.19.1/tools/grib_tools.c:935:9: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(value_str, format, dvalue); data/eccodes-2.19.1/tools/grib_tools.c:993:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(value, "%s", sval); data/eccodes-2.19.1/tools/grib_tools.c:1024:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(value, "%s...", ""); data/eccodes-2.19.1/tools/grib_tools.c:1094:64: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. else sprintf(value, options->format, dvalue); data/eccodes-2.19.1/tools/grib_tools.c:1140:25: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(value, options->format, dvalue); data/eccodes-2.19.1/tools/grib_tools.c:1160:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(value, notfound);
data/eccodes-2.19.1/tools/grib_tools.c:1185:17: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(dump_file, options->format, options->values[ii]);
data/eccodes-2.19.1/tools/grib_tools.c:1191:13: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(value, options->format, options->values[options->latlon_idx]);
data/eccodes-2.19.1/tools/grib_tools.c:1226:9: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(value, options->format, v);
data/eccodes-2.19.1/tools/gts_compare.c:65:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fname, "%s_%d.gts", str, write_count);
data/eccodes-2.19.1/tools/gts_compare.c:254:17: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(bufr, "%s%c%s",
data/eccodes-2.19.1/tools/gts_dump.c:104:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tmp, "FILE: %s ", options->current_infile->name);
data/eccodes-2.19.1/tools/metar_compare.c:98:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fname, "%s_%d.metar", str, write_count);
data/eccodes-2.19.1/tools/metar_compare.c:348:17: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(bufr, "%s%c%s",
data/eccodes-2.19.1/tools/metar_dump.c:111:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tmp, "FILE: %s ", options->current_infile->name);
data/eccodes-2.19.1/tools/taf_dump.c:105:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tmp, "FILE: %s ", options->current_infile->name);
data/eccodes-2.19.1/src/codes_util.c:74:20: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  char* result = getenv(name);
data/eccodes-2.19.1/src/codes_util.c:119:18: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  result = getenv(old_name);
data/eccodes-2.19.1/src/grib_accessor_class_getenv.c:162:13: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  v = getenv(self->name);
data/eccodes-2.19.1/src/grib_context.c:229:9: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (getenv("ECCODES_FAIL_IF_LOG_MESSAGE")) {
data/eccodes-2.19.1/src/grib_context.c:230:23: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  long n = atol(getenv("ECCODES_FAIL_IF_LOG_MESSAGE"));
data/eccodes-2.19.1/src/grib_context.c:405:47: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  bufrdc_mode = getenv("ECCODES_BUFRDC_MODE_ON");
data/eccodes-2.19.1/src/grib_context.c:406:47: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  bufr_set_to_missing_if_out_of_range = getenv("ECCODES_BUFR_SET_TO_MISSING_IF_OUT_OF_RANGE");
data/eccodes-2.19.1/src/grib_context.c:407:47: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  bufr_multi_element_constant_arrays = getenv("ECCODES_BUFR_MULTI_ELEMENT_CONSTANT_ARRAYS");
data/eccodes-2.19.1/src/grib_context.c:408:47: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  grib_data_quality_checks = getenv("ECCODES_GRIB_DATA_QUALITY_CHECKS");
data/eccodes-2.19.1/src/grib_context.c:419:47: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  file_pool_max_opened_files = getenv("ECCODES_FILE_POOL_MAX_OPENED_FILES");
data/eccodes-2.19.1/src/grib_context.c:494:38: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  const char* defs_extra = getenv("ECCODES_EXTRA_DEFINITION_PATH");
data/eccodes-2.19.1/src/grib_context.c:517:41: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  const char* samples_extra = getenv("ECCODES_EXTRA_SAMPLES_PATH");
data/eccodes-2.19.1/src/grib_context.c:612:10: [3] (buffer) realpath:
  This function does not protect against buffer overflows, and some implementations can overflow internally (CWE-120/CWE-785!). Ensure that the destination buffer is at least of size MAXPATHLEN, andto protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN.
  if (!realpath(path, resolved)) {
data/eccodes-2.19.1/src/grib_parse_utils.c:716:24: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  grib_yydebug = getenv("YYDEBUG") != NULL;
data/eccodes-2.19.1/tests/bufr_threads_ecc-604.c:101:17: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "dcw")) != -1) {
data/eccodes-2.19.1/tests/grib_threads_ecc-604-encode.c:59:17: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "dcw")) != -1) {
data/eccodes-2.19.1/tests/grib_threads_ecc-604.c:110:17: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "dcw")) != -1) {
data/eccodes-2.19.1/tests/packing.c:414:3: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand ( seed );
data/eccodes-2.19.1/tests/tests.ecmwf/grib1to2.c:14:15: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  int sample = getenv("SAMPLE") != NULL;
data/eccodes-2.19.1/tests/tests.ecmwf/packing.c:19:15: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  int sample = getenv("SAMPLE") != NULL;
data/eccodes-2.19.1/tests/tests.ecmwf/values.c:12:15: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  int sample = getenv("SAMPLE") != NULL;
data/eccodes-2.19.1/tools/bufr_compare.c:508:23: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  else if (options->random)
data/eccodes-2.19.1/tools/bufr_compare.c:555:46: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  if (!options->through_index && !options->random) {
data/eccodes-2.19.1/tools/codes_info.c:42:17: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  int c = getopt(argc, argv, "vds");
data/eccodes-2.19.1/tools/codes_info.c:87:21: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((path = getenv("ECCODES_DEFINITION_PATH")) != NULL) {
data/eccodes-2.19.1/tools/codes_info.c:92:26: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  else if ((path = getenv("GRIB_DEFINITION_PATH")) != NULL) {
data/eccodes-2.19.1/tools/codes_info.c:105:20: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if((path = getenv("ECCODES_EXTRA_DEFINITION_PATH")) != NULL) {
data/eccodes-2.19.1/tools/codes_info.c:110:21: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((path = getenv("ECCODES_SAMPLES_PATH")) != NULL) {
data/eccodes-2.19.1/tools/codes_info.c:114:26: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  else if ((path = getenv("GRIB_SAMPLES_PATH")) != NULL) {
data/eccodes-2.19.1/tools/codes_info.c:125:21: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((path = getenv("ECCODES_EXTRA_SAMPLES_PATH")) != NULL) {
data/eccodes-2.19.1/tools/deprecated/dumpload.c:35:13: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while((c = getopt(argc, argv,"l")) != EOF) {
data/eccodes-2.19.1/tools/deprecated/grib_diff.c:409:14: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while((c = getopt(argc, argv,"ep:b:")) != EOF) {
data/eccodes-2.19.1/tools/deprecated/grib_error.c:221:14: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20).
  Check implementation on installation, or limit the size of all string inputs.
  while((c = getopt(argc, argv,"ae:o:")) != EOF) {
data/eccodes-2.19.1/tools/deprecated/grib_packing.c:63:13: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while((c = getopt(argc, argv,"2n:x:b:d:")) != EOF) {
data/eccodes-2.19.1/tools/grib_compare.c:457:23: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  else if (options->random)
data/eccodes-2.19.1/tools/grib_compare.c:502:46: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  if (!options->through_index && !options->random) {
data/eccodes-2.19.1/tools/grib_options.c:178:17: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, optstr)) != -1) {
data/eccodes-2.19.1/tools/grib_to_netcdf.c:1336:23: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  dontcompare = getenv("MARS_DONT_CHECK");
data/eccodes-2.19.1/tools/grib_to_netcdf.c:2114:30: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  checkvalidtime_env = getenv("GRIB_TO_NETCDF_CHECKVALIDTIME");
data/eccodes-2.19.1/tools/grib_to_netcdf.c:3460:48: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  metadata_dir = getenv("METADATA_DIR");
data/eccodes-2.19.1/tools/grib_tools.c:160:9: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (getenv("DOXYGEN_USAGE") && argc == 1)
data/eccodes-2.19.1/tools/grib_tools.h:158:9: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  int random;
data/eccodes-2.19.1/tools/gts_compare.c:349:23: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  else if (options->random)
data/eccodes-2.19.1/tools/gts_compare.c:375:46: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  if (!options->through_index && !options->random) {
data/eccodes-2.19.1/tools/metar_compare.c:444:23: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  else if (options->random)
data/eccodes-2.19.1/tools/metar_compare.c:470:46: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  if (!options->through_index && !options->random) {
data/eccodes-2.19.1/tools/wingetopt.c:20:5: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  int getopt(int argc, char* argv[], const char* optstring)
data/eccodes-2.19.1/tools/wingetopt.h:19:5: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  int getopt(int argc, char* argv[], const char* optstring);
data/eccodes-2.19.1/examples/C/box.c:31:9: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(infile, "rb");
data/eccodes-2.19.1/examples/C/bufr_attributes.c:37:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  in = fopen(infile, "rb");
data/eccodes-2.19.1/examples/C/bufr_clone.c:43:11: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  in = fopen(argv[1], "rb");
data/eccodes-2.19.1/examples/C/bufr_clone.c:44:11: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out = fopen(argv[2], "wb");
data/eccodes-2.19.1/examples/C/bufr_copy_data.c:49:9: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(argv[1], "rb");
data/eccodes-2.19.1/examples/C/bufr_expanded.c:44:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  in = fopen(filename, "rb");
data/eccodes-2.19.1/examples/C/bufr_get_keys.c:37:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  in = fopen(infile, "rb");
data/eccodes-2.19.1/examples/C/bufr_get_string_array.c:30:16: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE* in = fopen(infile, "rb");
data/eccodes-2.19.1/examples/C/bufr_keys_iterator.c:40:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char value[MAX_VAL_LEN];
data/eccodes-2.19.1/examples/C/bufr_keys_iterator.c:48:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  in = fopen(filename, "rb");
data/eccodes-2.19.1/examples/C/bufr_missing.c:32:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  in = fopen(infile, "rb");
data/eccodes-2.19.1/examples/C/bufr_pthreads.c:70:24: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fin = fopen("../../data/bufr/syno_multi.bufr", "rb");
data/eccodes-2.19.1/examples/C/bufr_read_header.c:40:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  in = fopen(filename, "rb");
data/eccodes-2.19.1/examples/C/bufr_read_scatterometer.c:39:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char key_name[128];
data/eccodes-2.19.1/examples/C/bufr_read_scatterometer.c:41:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  in = fopen(infile, "rb");
data/eccodes-2.19.1/examples/C/bufr_read_scatterometer.c:74:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(key_name, "latitude");
data/eccodes-2.19.1/examples/C/bufr_read_scatterometer.c:91:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(key_name, "longitude");
data/eccodes-2.19.1/examples/C/bufr_read_scatterometer.c:105:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(key_name, "/beamIdentifier=2/backscatter");
data/eccodes-2.19.1/examples/C/bufr_read_synop.c:39:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  in = fopen(infile, "rb");
data/eccodes-2.19.1/examples/C/bufr_read_temp.c:46:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char key_name[128];
data/eccodes-2.19.1/examples/C/bufr_read_temp.c:48:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  in = fopen(infile, "rb");
data/eccodes-2.19.1/examples/C/bufr_read_temp.c:84:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(key_name, "/verticalSoundingSignificance=4/pressure");
data/eccodes-2.19.1/examples/C/bufr_read_temp.c:97:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(key_name, "/verticalSoundingSignificance=4/pressure");
data/eccodes-2.19.1/examples/C/bufr_read_temp.c:102:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(key_name, "/verticalSoundingSignificance=4/nonCoordinateGeopotential");
data/eccodes-2.19.1/examples/C/bufr_read_temp.c:123:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(key_name, "/verticalSoundingSignificance=4/airTemperature");
data/eccodes-2.19.1/examples/C/bufr_read_temp.c:134:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(key_name, "/verticalSoundingSignificance=4/dewpointTemperature");
data/eccodes-2.19.1/examples/C/bufr_set_keys.c:47:11: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  in = fopen(infile, "rb");
data/eccodes-2.19.1/examples/C/bufr_set_keys.c:48:11: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out = fopen(argv[1], "wb");
data/eccodes-2.19.1/examples/C/bufr_subset.c:23:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char key[200] = {0,};
data/eccodes-2.19.1/examples/C/bufr_subset.c:33:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char stringVal[100] = {0,};
data/eccodes-2.19.1/examples/C/bufr_subset.c:38:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  in = fopen(infile, "rb");
data/eccodes-2.19.1/examples/C/bufr_subset.c:63:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(key, "/subsetNumber=%d/blockNumber", i);
data/eccodes-2.19.1/examples/C/bufr_subset.c:70:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(key, "/subsetNumber=%d/stationNumber", i);
data/eccodes-2.19.1/examples/C/bufr_subset.c:74:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(key, "/subsetNumber=%d/stationOrSiteName->units", i);
data/eccodes-2.19.1/examples/C/bufr_subset.c:78:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(key, "/subsetNumber=%d/stationOrSiteName", i);
data/eccodes-2.19.1/examples/C/bufr_subset.c:84:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(key, "/subsetNumber=%d/airTemperature", i);
data/eccodes-2.19.1/examples/C/fieldset.c:40:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char param[20] = {0,};
data/eccodes-2.19.1/examples/C/fieldset.c:41:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char date[10] = {0,};
data/eccodes-2.19.1/examples/C/get_product_kind.c:37:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  in = fopen(infile, "rb");
data/eccodes-2.19.1/examples/C/grib_clone.c:40:11: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  in = fopen(argv[1], "rb");
data/eccodes-2.19.1/examples/C/grib_clone.c:41:11: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out = fopen(argv[2], "wb");
data/eccodes-2.19.1/examples/C/grib_copy_message.c:37:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  in = fopen(argv[1], "rb");
data/eccodes-2.19.1/examples/C/grib_get_data.c:33:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  in = fopen(filename, "rb");
data/eccodes-2.19.1/examples/C/grib_get_keys.c:47:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  in = fopen(filename, "rb");
data/eccodes-2.19.1/examples/C/grib_get_keys.c:125:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char file[256] = {0,};
data/eccodes-2.19.1/examples/C/grib_index.c:36:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char oshortName[200];
data/eccodes-2.19.1/examples/C/grib_iterator.c:47:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  in = fopen(filename, "rb");
data/eccodes-2.19.1/examples/C/grib_iterator_bitmap.c:44:16: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  in = fopen(filename, "rb");
data/eccodes-2.19.1/examples/C/grib_keys_iterator.c:53:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char value[MAX_VAL_LEN];
data/eccodes-2.19.1/examples/C/grib_keys_iterator.c:58:9: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(argv[1], "rb");
data/eccodes-2.19.1/examples/C/grib_list.c:38:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  in = fopen(filename, "rb");
data/eccodes-2.19.1/examples/C/grib_multi.c:38:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  in = fopen(filename, "rb");
data/eccodes-2.19.1/examples/C/grib_multi_write.c:44:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  in = fopen(filename, "rb");
data/eccodes-2.19.1/examples/C/grib_multi_write.c:75:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  of = fopen(ofilename, "w");
data/eccodes-2.19.1/examples/C/grib_nearest.c:38:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char param[20] = {0,};
data/eccodes-2.19.1/examples/C/grib_nearest_multiple.c:53:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fin = fopen(fname, "r"); /* Open in text mode */
data/eccodes-2.19.1/examples/C/grib_nearest_multiple.c:114:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fin = fopen(fname, "r"); /* Open in text mode */
data/eccodes-2.19.1/examples/C/grib_nearest_multiple.c:132:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fin = fopen(fname, "rb"); /* Open GRIB in binary mode */
data/eccodes-2.19.1/examples/C/grib_nearest_multiple.c:152:17: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fin = fopen(fname, "r");
data/eccodes-2.19.1/examples/C/grib_precipitation.c:48:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  in = fopen(filename, "rb");
data/eccodes-2.19.1/examples/C/grib_precision.c:48:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  in = fopen(infile, "rb");
data/eccodes-2.19.1/examples/C/grib_precision.c:54:11: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out = fopen(outfile, "wb");
data/eccodes-2.19.1/examples/C/grib_print_data.c:42:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  in = fopen(filename, "rb");
data/eccodes-2.19.1/examples/C/grib_pthreads.c:34:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mystring[100];
data/eccodes-2.19.1/examples/C/grib_sections_copy.c:37:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  in = fopen(in_name1, "rb");
data/eccodes-2.19.1/examples/C/grib_sections_copy.c:47:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  in = fopen(in_name2, "rb");
data/eccodes-2.19.1/examples/C/grib_set_bitmap.c:39:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  in = fopen(infile, "rb");
data/eccodes-2.19.1/examples/C/grib_set_bitmap.c:45:11: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out = fopen(outfile, "wb");
data/eccodes-2.19.1/examples/C/grib_set_keys.c:27:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char string_value[100];
data/eccodes-2.19.1/examples/C/grib_set_keys.c:39:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  in = fopen(infile, "rb");
data/eccodes-2.19.1/examples/C/grib_set_keys.c:45:11: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out = fopen(outfile, "wb");
data/eccodes-2.19.1/examples/C/grib_set_pv.c:47:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  in = fopen(infile, "rb");
data/eccodes-2.19.1/examples/C/grib_set_pv.c:53:11: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out = fopen(outfile, "wb");
data/eccodes-2.19.1/examples/C/multi2.c:58:16: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE* fp = fopen(file_path, "rb");
data/eccodes-2.19.1/examples/C/nc.c:23:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char identifier[7] = {0,};
data/eccodes-2.19.1/examples/C/new_sample.c:372:9: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(argv[1], "wb");
data/eccodes-2.19.1/examples/C/set_missing.c:37:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  in = fopen(infile, "rb");
data/eccodes-2.19.1/examples/C/set_missing.c:43:11: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out = fopen(outfile, "wb");
data/eccodes-2.19.1/examples/C/values_check.c:24:9: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(infile, "rb");
data/eccodes-2.19.1/examples/python/grib_count_messages.c:58:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  in = fopen(filename,"rb");
data/eccodes-2.19.1/examples/python/grib_iterator.c:46:7: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  in = fopen(filename,"rb");
data/eccodes-2.19.1/examples/python/grib_keys_iterator.c:41:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char value[MAX_VAL_LEN];
data/eccodes-2.19.1/examples/python/grib_keys_iterator.c:46:9: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(argv[1],"rb");
data/eccodes-2.19.1/examples/python/grib_print_data.c:41:8: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  in = fopen(filename,"rb");
data/eccodes-2.19.1/fortran/grib_fortran.c:170:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf,fortstr,len);
data/eccodes-2.19.1/fortran/grib_fortran.c:186:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf,fortstr,len);
data/eccodes-2.19.1/fortran/grib_fortran.c:1006:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char oper[1024]; /* GRIB-576: open mode */
data/eccodes-2.19.1/fortran/grib_fortran.c:1008:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[1024];
data/eccodes-2.19.1/fortran/grib_fortran.c:1020:9: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(cast_char(fname,name,lname),oper);
data/eccodes-2.19.1/fortran/grib_fortran.c:1070:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[100]={0,};
data/eccodes-2.19.1/fortran/grib_fortran.c:1079:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(filename,"%ld_%d_error.grib",(long)pid,file_count);
data/eccodes-2.19.1/fortran/grib_fortran.c:1178:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/eccodes-2.19.1/fortran/grib_fortran.c:1338:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024]={0,};
data/eccodes-2.19.1/fortran/grib_fortran.c:1350:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(name,buf,lsize);
data/eccodes-2.19.1/fortran/grib_fortran.c:1427:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024]={0,};
data/eccodes-2.19.1/fortran/grib_fortran.c:1439:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(name,buf,lsize);
data/eccodes-2.19.1/fortran/grib_fortran.c:1516:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[1024];
data/eccodes-2.19.1/fortran/grib_fortran.c:1539:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[1024];
data/eccodes-2.19.1/fortran/grib_fortran.c:1590:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024]={0,};
data/eccodes-2.19.1/fortran/grib_fortran.c:1628:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024]={0,};
data/eccodes-2.19.1/fortran/grib_fortran.c:1954:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[1024]={0,};
data/eccodes-2.19.1/fortran/grib_fortran.c:1955:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char knames[1024]={0,};
data/eccodes-2.19.1/fortran/grib_fortran.c:1985:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/eccodes-2.19.1/fortran/grib_fortran.c:2006:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[1024]={0,};
data/eccodes-2.19.1/fortran/grib_fortran.c:2035:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/eccodes-2.19.1/fortran/grib_fortran.c:2130:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/eccodes-2.19.1/fortran/grib_fortran.c:2179:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/eccodes-2.19.1/fortran/grib_fortran.c:2200:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/eccodes-2.19.1/fortran/grib_fortran.c:2221:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/eccodes-2.19.1/fortran/grib_fortran.c:2242:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/eccodes-2.19.1/fortran/grib_fortran.c:2264:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/eccodes-2.19.1/fortran/grib_fortran.c:2280:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/eccodes-2.19.1/fortran/grib_fortran.c:2299:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/eccodes-2.19.1/fortran/grib_fortran.c:2336:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/eccodes-2.19.1/fortran/grib_fortran.c:2358:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/eccodes-2.19.1/fortran/grib_fortran.c:2381:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/eccodes-2.19.1/fortran/grib_fortran.c:2403:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p,bufval[i],l);
data/eccodes-2.19.1/fortran/grib_fortran.c:2426:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/eccodes-2.19.1/fortran/grib_fortran.c:2446:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/eccodes-2.19.1/fortran/grib_fortran.c:2475:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/eccodes-2.19.1/fortran/grib_fortran.c:2494:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/eccodes-2.19.1/fortran/grib_fortran.c:2530:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/eccodes-2.19.1/fortran/grib_fortran.c:2548:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/eccodes-2.19.1/fortran/grib_fortran.c:2568:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/eccodes-2.19.1/fortran/grib_fortran.c:2582:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/eccodes-2.19.1/fortran/grib_fortran.c:2597:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/eccodes-2.19.1/fortran/grib_fortran.c:2612:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/eccodes-2.19.1/fortran/grib_fortran.c:2628:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/eccodes-2.19.1/fortran/grib_fortran.c:2645:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/eccodes-2.19.1/fortran/grib_fortran.c:2662:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/eccodes-2.19.1/fortran/grib_fortran.c:2682:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/eccodes-2.19.1/fortran/grib_fortran.c:2717:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/eccodes-2.19.1/fortran/grib_fortran.c:2737:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/eccodes-2.19.1/fortran/grib_fortran.c:2776:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/eccodes-2.19.1/fortran/grib_fortran.c:2808:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/eccodes-2.19.1/fortran/grib_fortran.c:2839:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/eccodes-2.19.1/fortran/grib_fortran.c:2856:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/eccodes-2.19.1/fortran/grib_fortran.c:2857:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bufval[1024];
data/eccodes-2.19.1/fortran/grib_fortran.c:2874:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/eccodes-2.19.1/fortran/grib_fortran.c:2890:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/eccodes-2.19.1/fortran/grib_fortran.c:2906:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/eccodes-2.19.1/fortran/grib_fortran.c:2921:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/eccodes-2.19.1/fortran/grib_fortran.c:2938:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/eccodes-2.19.1/fortran/grib_fortran.c:2955:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/eccodes-2.19.1/fortran/grib_fortran.c:3091:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/eccodes-2.19.1/fortran/grib_fortran.c:3119:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/eccodes-2.19.1/fortran/grib_fortran.c:3132:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/eccodes-2.19.1/fortran/grib_fortran.c:3152:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/eccodes-2.19.1/fortran/grib_fortran.c:3211:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/eccodes-2.19.1/fortran/grib_fortran.c:3250:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/eccodes-2.19.1/fortran/grib_fortran.c:3284:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]={0,};
data/eccodes-2.19.1/fortran/grib_fortran.c:3285:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[1024]={0,};
data/eccodes-2.19.1/fortran/grib_fortran.c:3388:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(mess,h->buffer->data,h->buffer->ulength);
data/eccodes-2.19.1/fortran/grib_fortran.c:3403:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bufstr[1024]={0,};
data/eccodes-2.19.1/fortran/grib_fortran.c:3404:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bufcall[1024]={0,};
data/eccodes-2.19.1/fortran/grib_fortran.c:3517:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024];
data/eccodes-2.19.1/fortran/grib_fortran.c:3531:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024];
data/eccodes-2.19.1/python/grib_interface.c:893:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(name, op);
data/eccodes-2.19.1/python/grib_interface.c:1012:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024] = {0,};
data/eccodes-2.19.1/python/grib_interface.c:1025:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(name, buf, lsize);
data/eccodes-2.19.1/python/grib_interface.c:1081:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024] = {0,};
data/eccodes-2.19.1/python/grib_interface.c:1094:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(name, buf, lsize);
data/eccodes-2.19.1/python/grib_interface.c:1691:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, bufval[i], l);
data/eccodes-2.19.1/python/grib_interface.c:2236:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data. memcpy(mess, h->buffer->data, h->buffer->ulength);
data/eccodes-2.19.1/python/gribapi.c:79:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[1024];
data/eccodes-2.19.1/python/gribapi.c:124:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[1024];
data/eccodes-2.19.1/python/swig_wrap_numpy.c:613:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char hex[17] = "0123456789abcdef";
data/eccodes-2.19.1/python/swig_wrap_numpy.c:765:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newstr, cstr, len+1);
data/eccodes-2.19.1/python/swig_wrap_numpy.c:809:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SWIG_PYBUFFER_SIZE * 2];
data/eccodes-2.19.1/python/swig_wrap_numpy.c:1493:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char result[SWIG_BUFFER_SIZE];
data/eccodes-2.19.1/python/swig_wrap_numpy.c:1860:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char result[SWIG_BUFFER_SIZE];
data/eccodes-2.19.1/python/swig_wrap_numpy.c:1874:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char result[SWIG_BUFFER_SIZE];
data/eccodes-2.19.1/python/swig_wrap_numpy.c:1885:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char result[SWIG_BUFFER_SIZE];
data/eccodes-2.19.1/python/swig_wrap_numpy.c:2015:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pack, ptr, size);
data/eccodes-2.19.1/python/swig_wrap_numpy.c:2033:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr, sobj->pack, size);
data/eccodes-2.19.1/python/swig_wrap_numpy.c:2573:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char mesg[256];
data/eccodes-2.19.1/python/swig_wrap_numpy.c:3203:22: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. *cptr = (char *)memcpy((char *)malloc((len + 1)*sizeof(char)), cstr, sizeof(char)*(len + 1));
data/eccodes-2.19.1/python/swig_wrap_numpy.c:3593:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dims_str[255] = "";
data/eccodes-2.19.1/python/swig_wrap_numpy.c:3594:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[255];
data/eccodes-2.19.1/python/swig_wrap_numpy.c:3606:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s, "%d, ", exact_dimensions[i]);
data/eccodes-2.19.1/python/swig_wrap_numpy.c:3609:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s, " or %d", exact_dimensions[n-1]);
data/eccodes-2.19.1/python/swig_wrap_numpy.c:3627:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char desired_dims[255] = "[";
data/eccodes-2.19.1/python/swig_wrap_numpy.c:3628:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[255];
data/eccodes-2.19.1/python/swig_wrap_numpy.c:3629:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char actual_dims[255] = "[";
data/eccodes-2.19.1/python/swig_wrap_numpy.c:3643:11: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s, "*,");
data/eccodes-2.19.1/python/swig_wrap_numpy.c:3647:11: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s, "%ld,", (long int)size[i]);
data/eccodes-2.19.1/python/swig_wrap_numpy.c:3655:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s, "%ld,", (long int)array_size(ary,i));
data/eccodes-2.19.1/python/swig_wrap_numpy.c:6600:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char temp2[1024+1] ;
data/eccodes-2.19.1/python/swig_wrap_numpy.c:6643:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp2[1024+1] ;
data/eccodes-2.19.1/python/swig_wrap_numpy.c:6860:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp3[1024*1024+1] ;
data/eccodes-2.19.1/python/swig_wrap_numpy.c:8888:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp2[1024+1] ;
data/eccodes-2.19.1/src/action_class_close.c:76:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024];
data/eccodes-2.19.1/src/action_class_close.c:89:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "close_%p", (void*)a->filename);
data/eccodes-2.19.1/src/action_class_close.c:98:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char filename[2048] = {0,};
data/eccodes-2.19.1/src/action_class_concept.c:226:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096] = {0,};
data/eccodes-2.19.1/src/action_class_concept.c:227:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char master[1024] = {0,};
data/eccodes-2.19.1/src/action_class_concept.c:228:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char local[1024] = {0,};
data/eccodes-2.19.1/src/action_class_concept.c:229:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char masterDir[1024] = {0,};
data/eccodes-2.19.1/src/action_class_concept.c:231:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char key[4096] = {0,};
data/eccodes-2.19.1/src/action_class_concept.c:249:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char localDir[1024] = {0,};
data/eccodes-2.19.1/src/action_class_concept.c:332:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(exprVal, "%ld", lres);
data/eccodes-2.19.1/src/action_class_concept.c:342:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(exprVal, "%g", dres);
data/eccodes-2.19.1/src/action_class_concept.c:348:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[80];
data/eccodes-2.19.1/src/action_class_concept.c:349:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[80];
data/eccodes-2.19.1/src/action_class_concept.c:378:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char strVal[64] = {0,};
data/eccodes-2.19.1/src/action_class_concept.c:379:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char exprVal[256] = {0,};
data/eccodes-2.19.1/src/action_class_hash_array.c:221:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096] = {0,};
data/eccodes-2.19.1/src/action_class_hash_array.c:222:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char master[1024] = {0,};
data/eccodes-2.19.1/src/action_class_hash_array.c:223:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char local[1024] = {0,};
data/eccodes-2.19.1/src/action_class_hash_array.c:224:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ecmf[1024] = {0,};
data/eccodes-2.19.1/src/action_class_hash_array.c:225:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char masterDir[1024] = {0,};
data/eccodes-2.19.1/src/action_class_hash_array.c:227:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char localDir[1024] = {0,};
data/eccodes-2.19.1/src/action_class_hash_array.c:229:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ecmfDir[1024] = {0,};
data/eccodes-2.19.1/src/action_class_hash_array.c:231:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char key[4096] = {0,};
data/eccodes-2.19.1/src/action_class_if.c:100:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[1024];
data/eccodes-2.19.1/src/action_class_if.c:116:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(name, "__if%p", (void*)a);
data/eccodes-2.19.1/src/action_class_if.c:118:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(name, "_if%p", (void*)a);
data/eccodes-2.19.1/src/action_class_if.c:125:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char debug_info[1024];
data/eccodes-2.19.1/src/action_class_noop.c:78:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024];
data/eccodes-2.19.1/src/action_class_noop.c:89:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "_noop%p", (void*)a);
data/eccodes-2.19.1/src/action_class_print.c:82:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024];
data/eccodes-2.19.1/src/action_class_print.c:99:22: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). out = fopen(outname, "w");
data/eccodes-2.19.1/src/action_class_print.c:109:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "print%p", (void*)a->name);
data/eccodes-2.19.1/src/action_class_print.c:124:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
out = fopen(self->outname, "a");
data/eccodes-2.19.1/src/action_class_section.c:110:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char debug_str[1024] = {0,};
data/eccodes-2.19.1/src/action_class_set.c:85:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024];
data/eccodes-2.19.1/src/action_class_set.c:101:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "set%p", (void*)expression);
data/eccodes-2.19.1/src/action_class_set_darray.c:84:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024];
data/eccodes-2.19.1/src/action_class_set_darray.c:99:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "set_darray%p", (void*)darray);
data/eccodes-2.19.1/src/action_class_set_iarray.c:84:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buf[1024];
data/eccodes-2.19.1/src/action_class_set_iarray.c:99:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "set_iarray%p", (void*)iarray);
data/eccodes-2.19.1/src/action_class_set_missing.c:80:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024];
data/eccodes-2.19.1/src/action_class_set_sarray.c:84:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024];
data/eccodes-2.19.1/src/action_class_set_sarray.c:99:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "set_sarray%p", (void*)sarray);
data/eccodes-2.19.1/src/action_class_switch.c:95:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[1024];
data/eccodes-2.19.1/src/action_class_switch.c:109:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name, "_switch%p", (void*)a);
data/eccodes-2.19.1/src/action_class_switch.c:144:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[80];
data/eccodes-2.19.1/src/action_class_switch.c:145:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[80];
data/eccodes-2.19.1/src/action_class_template.c:146:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[1024] = {0,};
data/eccodes-2.19.1/src/action_class_template.c:200:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[1024];
data/eccodes-2.19.1/src/action_class_trigger.c:93:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[1024];
data/eccodes-2.19.1/src/action_class_trigger.c:99:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name, "_trigger%p", (void*)act);
data/eccodes-2.19.1/src/action_class_when.c:95:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[1024];
data/eccodes-2.19.1/src/action_class_when.c:110:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(name, "_when%p", (void*)expression);
data/eccodes-2.19.1/src/action_class_while.c:141:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[80];
data/eccodes-2.19.1/src/action_class_while.c:151:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(name, "_while%p", (void*)a);
data/eccodes-2.19.1/src/action_class_write.c:85:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024];
data/eccodes-2.19.1/src/action_class_write.c:98:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "write%p", (void*)a->name);
data/eccodes-2.19.1/src/action_class_write.c:114:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char string[1024] = {0,};
data/eccodes-2.19.1/src/action_class_write.c:180:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char gts_trailer[4] = { '\x0D', '\x0D', '\x0A', '\x03' };
data/eccodes-2.19.1/src/bufr_keys_iterator.c:150:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(prefix, "->");
data/eccodes-2.19.1/src/bufr_keys_iterator.c:209:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(ret, "->");
data/eccodes-2.19.1/src/bufr_util.c:269:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char temp[IDENT_LEN] = {0,}; data/eccodes-2.19.1/src/bufr_util.c:625:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(filename, "rb"); data/eccodes-2.19.1/src/bufr_util.c:784:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char full_path[2014] = {0,}; data/eccodes-2.19.1/src/bufr_util.c:785:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[1024]; data/eccodes-2.19.1/src/bufr_util.c:799:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char abbreviation[32] = {0,}; data/eccodes-2.19.1/src/bufr_util.c:851:16: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. *len = sprintf(val, "%lu", bh->message_offset); data/eccodes-2.19.1/src/bufr_util.c:853:16: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. *len = sprintf(val, "%lu", bh->message_offset); data/eccodes-2.19.1/src/bufr_util.c:855:16: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. *len = sprintf(val, "%lu", bh->message_size); data/eccodes-2.19.1/src/bufr_util.c:857:16: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. *len = sprintf(val, "%lu", bh->message_size); data/eccodes-2.19.1/src/bufr_util.c:859:16: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. *len = sprintf(val, "%ld", bh->edition); data/eccodes-2.19.1/src/bufr_util.c:861:16: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. *len = sprintf(val, "%ld", bh->masterTableNumber); data/eccodes-2.19.1/src/bufr_util.c:863:16: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. *len = sprintf(val, "%ld", bh->bufrHeaderSubCentre); data/eccodes-2.19.1/src/bufr_util.c:865:16: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. *len = sprintf(val, "%ld", bh->bufrHeaderCentre); data/eccodes-2.19.1/src/bufr_util.c:872:20: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. *len = sprintf(val, "%ld", bh->bufrHeaderCentre); data/eccodes-2.19.1/src/bufr_util.c:876:16: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
*len = sprintf(val, "%ld", bh->updateSequenceNumber); data/eccodes-2.19.1/src/bufr_util.c:878:16: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. *len = sprintf(val, "%ld", bh->dataCategory); data/eccodes-2.19.1/src/bufr_util.c:880:16: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. *len = sprintf(val, "%ld", bh->dataSubCategory); data/eccodes-2.19.1/src/bufr_util.c:882:16: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. *len = sprintf(val, "%ld", bh->masterTablesVersionNumber); data/eccodes-2.19.1/src/bufr_util.c:884:16: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. *len = sprintf(val, "%ld", bh->localTablesVersionNumber); data/eccodes-2.19.1/src/bufr_util.c:886:16: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. *len = sprintf(val, "%ld", bh->typicalYear); data/eccodes-2.19.1/src/bufr_util.c:888:16: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. *len = sprintf(val, "%ld", bh->typicalMonth); data/eccodes-2.19.1/src/bufr_util.c:890:16: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
*len = sprintf(val, "%ld", bh->typicalDay); data/eccodes-2.19.1/src/bufr_util.c:892:16: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. *len = sprintf(val, "%ld", bh->typicalHour); data/eccodes-2.19.1/src/bufr_util.c:894:16: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. *len = sprintf(val, "%ld", bh->typicalMinute); data/eccodes-2.19.1/src/bufr_util.c:896:16: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. *len = sprintf(val, "%ld", bh->typicalSecond); data/eccodes-2.19.1/src/bufr_util.c:898:16: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. *len = sprintf(val, "%06ld", bh->typicalDate); data/eccodes-2.19.1/src/bufr_util.c:900:16: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. *len = sprintf(val, "%06ld", bh->typicalTime); data/eccodes-2.19.1/src/bufr_util.c:902:16: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. *len = sprintf(val, "%ld", bh->internationalDataSubCategory); data/eccodes-2.19.1/src/bufr_util.c:904:16: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
*len = sprintf(val, "%ld", bh->localSectionPresent); data/eccodes-2.19.1/src/bufr_util.c:906:16: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. *len = sprintf(val, "%ld", bh->ecmwfLocalSectionPresent); data/eccodes-2.19.1/src/bufr_util.c:911:20: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. *len = sprintf(val, "%ld", bh->rdbType); data/eccodes-2.19.1/src/bufr_util.c:917:20: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. *len = sprintf(val, "%ld", bh->oldSubtype); data/eccodes-2.19.1/src/bufr_util.c:929:20: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. *len = sprintf(val, "%ld", bh->localYear); data/eccodes-2.19.1/src/bufr_util.c:935:20: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. *len = sprintf(val, "%ld", bh->localMonth); data/eccodes-2.19.1/src/bufr_util.c:941:20: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. *len = sprintf(val, "%ld", bh->localDay); data/eccodes-2.19.1/src/bufr_util.c:947:20: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. *len = sprintf(val, "%ld", bh->localHour); data/eccodes-2.19.1/src/bufr_util.c:953:20: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. *len = sprintf(val, "%ld", bh->localMinute); data/eccodes-2.19.1/src/bufr_util.c:959:20: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. *len = sprintf(val, "%ld", bh->localSecond); data/eccodes-2.19.1/src/bufr_util.c:965:20: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. *len = sprintf(val, "%ld", bh->rdbtimeDay); data/eccodes-2.19.1/src/bufr_util.c:971:20: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. *len = sprintf(val, "%ld", bh->rdbtimeHour); data/eccodes-2.19.1/src/bufr_util.c:977:20: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. *len = sprintf(val, "%ld", bh->rdbtimeMinute); data/eccodes-2.19.1/src/bufr_util.c:983:20: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. *len = sprintf(val, "%ld", bh->rdbtimeSecond); data/eccodes-2.19.1/src/bufr_util.c:989:20: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. *len = sprintf(val, "%ld", bh->rectimeDay); data/eccodes-2.19.1/src/bufr_util.c:995:20: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
*len = sprintf(val, "%ld", bh->rectimeHour); data/eccodes-2.19.1/src/bufr_util.c:1001:20: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. *len = sprintf(val, "%ld", bh->rectimeMinute); data/eccodes-2.19.1/src/bufr_util.c:1007:20: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. *len = sprintf(val, "%ld", bh->rectimeSecond); data/eccodes-2.19.1/src/bufr_util.c:1013:20: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. *len = sprintf(val, "%ld", bh->isSatellite); data/eccodes-2.19.1/src/bufr_util.c:1019:20: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. *len = sprintf(val, "%g", bh->localLongitude1); data/eccodes-2.19.1/src/bufr_util.c:1025:20: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. *len = sprintf(val, "%g", bh->localLatitude1); data/eccodes-2.19.1/src/bufr_util.c:1031:20: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. *len = sprintf(val, "%g", bh->localLongitude2); data/eccodes-2.19.1/src/bufr_util.c:1037:20: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. *len = sprintf(val, "%g", bh->localLatitude2); data/eccodes-2.19.1/src/bufr_util.c:1043:20: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. *len = sprintf(val, "%g", bh->localLatitude); data/eccodes-2.19.1/src/bufr_util.c:1049:20: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. *len = sprintf(val, "%g", bh->localLongitude); data/eccodes-2.19.1/src/bufr_util.c:1055:20: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. *len = sprintf(val, "%ld", bh->qualityControl); data/eccodes-2.19.1/src/bufr_util.c:1061:20: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. *len = sprintf(val, "%ld", bh->newSubtype); data/eccodes-2.19.1/src/bufr_util.c:1067:20: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. *len = sprintf(val, "%ld", bh->rdbSubtype); data/eccodes-2.19.1/src/bufr_util.c:1073:20: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. *len = sprintf(val, "%ld", bh->daLoop); data/eccodes-2.19.1/src/bufr_util.c:1079:20: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. *len = sprintf(val, "%ld", bh->localNumberOfObservations); data/eccodes-2.19.1/src/bufr_util.c:1085:20: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
*len = sprintf(val, "%ld", bh->satelliteID); data/eccodes-2.19.1/src/bufr_util.c:1091:16: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. *len = sprintf(val, "%lu", bh->numberOfSubsets); data/eccodes-2.19.1/src/bufr_util.c:1093:16: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. *len = sprintf(val, "%ld", bh->observedData); data/eccodes-2.19.1/src/bufr_util.c:1095:16: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. *len = sprintf(val, "%ld", bh->compressedData); data/eccodes-2.19.1/src/codes_memfs.c:24:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). return fopen(name, mode); data/eccodes-2.19.1/src/codes_memfs.c:32:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). return fopen(name, mode); data/eccodes-2.19.1/src/codes_memfs.c:52:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
return fopen(name, mode); data/eccodes-2.19.1/src/deprecated/grib_accessor_class_bufr_data.c:463:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]={0,}; data/eccodes-2.19.1/src/deprecated/grib_accessor_class_bufr_data.c:488:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf,"codetable %ld",self->expandedDescriptors[i]); data/eccodes-2.19.1/src/deprecated/grib_accessor_class_bufr_data.c:723:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[1024]={0,}; data/eccodes-2.19.1/src/grib_accessor.c:743:33: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. basename = (char*)memcpy(basename, name, size); data/eccodes-2.19.1/src/grib_accessor_class_apply_operators.c:631:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[1024] = {0,}; data/eccodes-2.19.1/src/grib_accessor_class_apply_operators.c:633:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(tmp, "%ld", v[i]); data/eccodes-2.19.1/src/grib_accessor_class_apply_operators.c:641:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[1024] = {0,}; data/eccodes-2.19.1/src/grib_accessor_class_apply_operators.c:643:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tmp, "%g", v[i]); data/eccodes-2.19.1/src/grib_accessor_class_ascii.c:218:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char val[1024] = {0,}; data/eccodes-2.19.1/src/grib_accessor_class_ascii.c:246:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char val[1024]; data/eccodes-2.19.1/src/grib_accessor_class_bitmap.c:206:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char label[1024]; data/eccodes-2.19.1/src/grib_accessor_class_bitmap.c:210:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(label, "Bitmap of %ld values", len); data/eccodes-2.19.1/src/grib_accessor_class_bits.c:345:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(v, "%ld", lval); data/eccodes-2.19.1/src/grib_accessor_class_bits.c:351:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(v, "%g", dval); data/eccodes-2.19.1/src/grib_accessor_class_bits.c:376:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer, grib_handle_of_accessor(a)->buffer->data + a->offset, *len); data/eccodes-2.19.1/src/grib_accessor_class_blob.c:150:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer, grib_handle_of_accessor(a)->buffer->data + a->offset, *len); data/eccodes-2.19.1/src/grib_accessor_class_bufr_data_array.c:1942:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char code[10] = {0,}; data/eccodes-2.19.1/src/grib_accessor_class_bufr_data_array.c:2008:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(code, "%06ld", self->expanded->v[idx]->code); data/eccodes-2.19.1/src/grib_accessor_class_bufr_data_array.c:2068:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf(code, "%06ld", self->expanded->v[idx]->code); data/eccodes-2.19.1/src/grib_accessor_class_bufr_data_array.c:2094:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(code, "%06ld", self->expanded->v[idx]->code); data/eccodes-2.19.1/src/grib_accessor_class_bufr_data_element.c:353:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sval[100] = {0,}; data/eccodes-2.19.1/src/grib_accessor_class_bufr_data_element.c:362:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(sval, "%g", dval); data/eccodes-2.19.1/src/grib_accessor_class_bufr_elements_table.c:188:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[1024] = {0,}; data/eccodes-2.19.1/src/grib_accessor_class_bufr_elements_table.c:189:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char masterDir[1024] = {0,}; data/eccodes-2.19.1/src/grib_accessor_class_bufr_elements_table.c:190:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char localDir[1024] = {0,}; data/eccodes-2.19.1/src/grib_accessor_class_bufr_elements_table.c:191:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dictName[1024] = {0,}; data/eccodes-2.19.1/src/grib_accessor_class_bufr_elements_table.c:214:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[4096] = {0,}; data/eccodes-2.19.1/src/grib_accessor_class_bufr_elements_table.c:215:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char recomposed[4096] = {0,}; data/eccodes-2.19.1/src/grib_accessor_class_bufr_elements_table.c:225:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char localRecomposed[1024] = {0,}; data/eccodes-2.19.1/src/grib_accessor_class_bufr_elements_table.c:226:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char localName[2048] = {0,}; data/eccodes-2.19.1/src/grib_accessor_class_bufr_elements_table.c:339:12: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). return atol(input); data/eccodes-2.19.1/src/grib_accessor_class_bufr_elements_table.c:345:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char code[7] = { 0 }; data/eccodes-2.19.1/src/grib_accessor_class_bufr_elements_table.c:351:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(code, "%06ld", v->code); data/eccodes-2.19.1/src/grib_accessor_class_bufr_elements_table.c:377:20: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). v->width = atol(list[7]); data/eccodes-2.19.1/src/grib_accessor_class_bufr_extract_area_subsets.c:199:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char latstr[20] = {0,}; data/eccodes-2.19.1/src/grib_accessor_class_bufr_extract_area_subsets.c:200:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lonstr[20] = {0,}; data/eccodes-2.19.1/src/grib_accessor_class_bufr_extract_area_subsets.c:220:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(lonstr, "#%ld#longitude", lonRank); data/eccodes-2.19.1/src/grib_accessor_class_bufr_extract_area_subsets.c:224:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(latstr, "#%ld#latitude", latRank); data/eccodes-2.19.1/src/grib_accessor_class_bufr_extract_area_subsets.c:245:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(latstr, "#%ld#latitude", i + 1); data/eccodes-2.19.1/src/grib_accessor_class_bufr_extract_area_subsets.c:275:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(lonstr, "#%ld#longitude", i + 1); data/eccodes-2.19.1/src/grib_accessor_class_bufr_extract_datetime_subsets.c:208:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char keystr[20] = {0,}; data/eccodes-2.19.1/src/grib_accessor_class_bufr_extract_datetime_subsets.c:236:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char start_str[80] = {0,}, end_str[80] = {0,}, datetime_str[80] = {0,}; data/eccodes-2.19.1/src/grib_accessor_class_bufr_extract_datetime_subsets.c:246:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char yearstr[20] = "year"; data/eccodes-2.19.1/src/grib_accessor_class_bufr_extract_datetime_subsets.c:247:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char monthstr[20] = "month"; data/eccodes-2.19.1/src/grib_accessor_class_bufr_extract_datetime_subsets.c:248:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char daystr[20] = "day"; data/eccodes-2.19.1/src/grib_accessor_class_bufr_extract_datetime_subsets.c:249:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
  char hourstr[20] = "hour";
data/eccodes-2.19.1/src/grib_accessor_class_bufr_extract_datetime_subsets.c:250:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char minutestr[20] = "minute";
data/eccodes-2.19.1/src/grib_accessor_class_bufr_extract_datetime_subsets.c:251:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char secondstr[20] = "second";
data/eccodes-2.19.1/src/grib_accessor_class_bufr_extract_datetime_subsets.c:271:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(yearstr, "#%ld#year", yearRank);
data/eccodes-2.19.1/src/grib_accessor_class_bufr_extract_datetime_subsets.c:276:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(monthstr, "#%ld#month", monthRank);
data/eccodes-2.19.1/src/grib_accessor_class_bufr_extract_datetime_subsets.c:281:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(daystr, "#%ld#day", dayRank);
data/eccodes-2.19.1/src/grib_accessor_class_bufr_extract_datetime_subsets.c:286:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(hourstr, "#%ld#hour", hourRank);
data/eccodes-2.19.1/src/grib_accessor_class_bufr_extract_datetime_subsets.c:291:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(minutestr, "#%ld#minute", minuteRank);
data/eccodes-2.19.1/src/grib_accessor_class_bufr_extract_datetime_subsets.c:296:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(secondstr, "#%ld#second", secondRank);
data/eccodes-2.19.1/src/grib_accessor_class_bufr_extract_datetime_subsets.c:348:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(secondstr, "#%ld#second", i + 1);
data/eccodes-2.19.1/src/grib_accessor_class_bufr_extract_datetime_subsets.c:383:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(start_str, "%04ld/%02ld/%02ld %02ld:%02ld:%02ld", yearStart, monthStart, dayStart, hourStart, minuteStart, secondStart);
data/eccodes-2.19.1/src/grib_accessor_class_bufr_extract_datetime_subsets.c:408:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(end_str, "%04ld/%02ld/%02ld %02ld:%02ld:%02ld", yearEnd, monthEnd, dayEnd, hourEnd, minuteEnd, secondEnd);
data/eccodes-2.19.1/src/grib_accessor_class_bufr_extract_datetime_subsets.c:421:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(datetime_str, "%04ld/%02ld/%02ld %02ld:%02ld:%.3f", year[i], month[i], day[i], hour[i], minute[i], second[i]);
data/eccodes-2.19.1/src/grib_accessor_class_bufrdc_expanded_descriptors.c:206:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[25] = {0,};
data/eccodes-2.19.1/src/grib_accessor_class_bufrdc_expanded_descriptors.c:222:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "%06ld", v[i]);
data/eccodes-2.19.1/src/grib_accessor_class_bytes.c:171:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(s, "%02x", *(p++));
data/eccodes-2.19.1/src/grib_accessor_class_codeflag.c:158:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[1024];
data/eccodes-2.19.1/src/grib_accessor_class_codeflag.c:159:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bval[50];
data/eccodes-2.19.1/src/grib_accessor_class_codeflag.c:160:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char num[50];
data/eccodes-2.19.1/src/grib_accessor_class_codeflag.c:162:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[1024];
data/eccodes-2.19.1/src/grib_accessor_class_codeflag.c:170:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(codename, "Cannot open flag table");
data/eccodes-2.19.1/src/grib_accessor_class_codeflag.c:177:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(codename, "Cannot open flag table");
data/eccodes-2.19.1/src/grib_accessor_class_codeflag.c:183:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(codename,": ");
data/eccodes-2.19.1/src/grib_accessor_class_codeflag.c:191:49: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if ((test_bit(code, a->length * 8 - atol(num)) > 0) == atol(bval)) {
data/eccodes-2.19.1/src/grib_accessor_class_codeflag.c:191:68: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if ((test_bit(code, a->length * 8 - atol(num)) > 0) == atol(bval)) {
data/eccodes-2.19.1/src/grib_accessor_class_codeflag.c:232:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char flagname[1024];
data/eccodes-2.19.1/src/grib_accessor_class_codeflag.c:233:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[1024];
data/eccodes-2.19.1/src/grib_accessor_class_codetable.c:226:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[1024];
data/eccodes-2.19.1/src/grib_accessor_class_codetable.c:301:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char recomposed[1024] = {0,};
data/eccodes-2.19.1/src/grib_accessor_class_codetable.c:302:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char localRecomposed[1024] = {0,};
data/eccodes-2.19.1/src/grib_accessor_class_codetable.c:304:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char masterDir[1024] = {0,};
data/eccodes-2.19.1/src/grib_accessor_class_codetable.c:305:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char localDir[1024] = {0,};
data/eccodes-2.19.1/src/grib_accessor_class_codetable.c:316:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[2048] = {0,};
data/eccodes-2.19.1/src/grib_accessor_class_codetable.c:327:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char localName[2048] = {0,};
data/eccodes-2.19.1/src/grib_accessor_class_codetable.c:396:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[1024];
data/eccodes-2.19.1/src/grib_accessor_class_codetable.c:422:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char abbreviation[1024] = {0,};
data/eccodes-2.19.1/src/grib_accessor_class_codetable.c:423:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char title[1024] = {0,};
data/eccodes-2.19.1/src/grib_accessor_class_codetable.c:548:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char comment[2048];
data/eccodes-2.19.1/src/grib_accessor_class_codetable.c:570:21: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int b = atol(table->entries[value].abbreviation);
data/eccodes-2.19.1/src/grib_accessor_class_codetable.c:577:17: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(comment, " (");
data/eccodes-2.19.1/src/grib_accessor_class_codetable.c:579:17: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(comment, ") ");
data/eccodes-2.19.1/src/grib_accessor_class_codetable.c:583:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(comment, "Unknown code table entry");
data/eccodes-2.19.1/src/grib_accessor_class_codetable.c:587:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(comment, "Unknown code table entry");
data/eccodes-2.19.1/src/grib_accessor_class_codetable.c:590:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(comment, " (");
data/eccodes-2.19.1/src/grib_accessor_class_codetable.c:594:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(comment, " , ");
data/eccodes-2.19.1/src/grib_accessor_class_codetable.c:598:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(comment, ") ");
data/eccodes-2.19.1/src/grib_accessor_class_codetable.c:611:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[1024];
data/eccodes-2.19.1/src/grib_accessor_class_codetable.c:628:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmp, "%d", (int)value);
data/eccodes-2.19.1/src/grib_accessor_class_codetable.c:696:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[1024];
data/eccodes-2.19.1/src/grib_accessor_class_codetable.c:744:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[1024];
data/eccodes-2.19.1/src/grib_accessor_class_codetable_title.c:171:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[1024];
data/eccodes-2.19.1/src/grib_accessor_class_codetable_title.c:185:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmp, "%d", (int)value);
data/eccodes-2.19.1/src/grib_accessor_class_codetable_units.c:170:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[1024];
data/eccodes-2.19.1/src/grib_accessor_class_codetable_units.c:183:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmp, "%d", (int)value);
data/eccodes-2.19.1/src/grib_accessor_class_concept.c:192:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[80];
data/eccodes-2.19.1/src/grib_accessor_class_concept.c:193:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[80];
data/eccodes-2.19.1/src/grib_accessor_class_concept.c:421:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[80];
data/eccodes-2.19.1/src/grib_accessor_class_concept.c:423:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "%ld", *val);
data/eccodes-2.19.1/src/grib_accessor_class_concept.c:523:12: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *val = atol(p);
data/eccodes-2.19.1/src/grib_accessor_class_concept.c:638:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char result[1024] = {0,};
data/eccodes-2.19.1/src/grib_accessor_class_data_2order_packing.c:226:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const unsigned char BitsSetTable256[256] = {
data/eccodes-2.19.1/src/grib_accessor_class_data_2order_packing.c:233:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const unsigned char left_mask[8] = { 0, 0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe };
data/eccodes-2.19.1/src/grib_accessor_class_data_2order_packing.c:234:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const unsigned char right_mask[8] = { 0, 0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe };
data/eccodes-2.19.1/src/grib_accessor_class_data_g22order_packing.c:753:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char packingType[254] = {0,};
data/eccodes-2.19.1/src/grib_accessor_class_data_jpeg2000_packing.c:541:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE* f = fopen(self->dump_jpg, "w");
data/eccodes-2.19.1/src/grib_accessor_class_data_png_packing.c:203:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data, p->buffer + p->offset, length);
data/eccodes-2.19.1/src/grib_accessor_class_data_png_packing.c:211:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p->buffer + p->offset, data, length);
data/eccodes-2.19.1/src/grib_accessor_class_dictionary.c:162:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[1024] = {0,};
data/eccodes-2.19.1/src/grib_accessor_class_dictionary.c:163:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char key[1024] = {0,};
data/eccodes-2.19.1/src/grib_accessor_class_dictionary.c:164:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char masterDir[1024] = {0,};
data/eccodes-2.19.1/src/grib_accessor_class_dictionary.c:165:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char localDir[1024] = {0,};
data/eccodes-2.19.1/src/grib_accessor_class_dictionary.c:166:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dictName[1024] = {0,};
data/eccodes-2.19.1/src/grib_accessor_class_dictionary.c:185:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[2048] = {0,};
data/eccodes-2.19.1/src/grib_accessor_class_dictionary.c:186:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char recomposed[2048] = {0,};
data/eccodes-2.19.1/src/grib_accessor_class_dictionary.c:196:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char localName[2048] = {0,};
data/eccodes-2.19.1/src/grib_accessor_class_dictionary.c:197:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char localRecomposed[1024] = {0,};
data/eccodes-2.19.1/src/grib_accessor_class_dictionary.c:240:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(list, line, strlen(line));
data/eccodes-2.19.1/src/grib_accessor_class_dictionary.c:261:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(list, line, strlen(line));
data/eccodes-2.19.1/src/grib_accessor_class_dictionary.c:291:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char key[1024] = {0,};
data/eccodes-2.19.1/src/grib_accessor_class_dictionary.c:333:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buffer, start, rsize);
data/eccodes-2.19.1/src/grib_accessor_class_dictionary.c:361:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[1024] = {0,};
data/eccodes-2.19.1/src/grib_accessor_class_dictionary.c:368:12: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *val = atol(buffer);
data/eccodes-2.19.1/src/grib_accessor_class_dictionary.c:377:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[1024] = {0,};
data/eccodes-2.19.1/src/grib_accessor_class_double.c:145:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char repres[1024];
data/eccodes-2.19.1/src/grib_accessor_class_double.c:150:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(repres, "MISSING");
data/eccodes-2.19.1/src/grib_accessor_class_double.c:152:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(repres, "%g", val);
data/eccodes-2.19.1/src/grib_accessor_class_expanded_descriptors.c:402:17: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(au->shortName, "associatedField");
data/eccodes-2.19.1/src/grib_accessor_class_expanded_descriptors.c:404:17: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(au->units, "associated units");
data/eccodes-2.19.1/src/grib_accessor_class_expanded_descriptors.c:595:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char key[50] = {0,};
data/eccodes-2.19.1/src/grib_accessor_class_expanded_descriptors.c:644:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(key, "%ld_%ld_%ld_%ld_%ld", centre, masterTablesVersionNumber, localTablesVersionNumber, masterTablesNumber, u[0]);
data/eccodes-2.19.1/src/grib_accessor_class_g1area.c:241:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(val, "N:%3.5f W:%3.5f S:%3.5f E:%3.5f", ((float)laf), ((float)lof), ((float)lal), ((float)lol));
data/eccodes-2.19.1/src/grib_accessor_class_g1bitmap.c:222:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(val, buf + offset, length);
data/eccodes-2.19.1/src/grib_accessor_class_g1date.c:264:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[1024];
data/eccodes-2.19.1/src/grib_accessor_class_g1date.c:294:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmp, "%ld", x);
data/eccodes-2.19.1/src/grib_accessor_class_g1day_of_the_year_date.c:157:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[1024];
data/eccodes-2.19.1/src/grib_accessor_class_g1day_of_the_year_date.c:181:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%04ld-%03ld", fullyear, fake_day_of_year); data/eccodes-2.19.1/src/grib_accessor_class_g1end_of_interval_monthly.c:161:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char verifyingMonth[7] = {0,}; data/eccodes-2.19.1/src/grib_accessor_class_g1end_of_interval_monthly.c:173:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). date = atoi(verifyingMonth); data/eccodes-2.19.1/src/grib_accessor_class_g1fcperiod.c:145:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[1024]; data/eccodes-2.19.1/src/grib_accessor_class_g1fcperiod.c:152:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tmp, "%ld-%ld", start / 24, theEnd / 24); data/eccodes-2.19.1/src/grib_accessor_class_g1step_range.c:235:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char stepType[20] = {0,}; data/eccodes-2.19.1/src/grib_accessor_class_g1step_range.c:280:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(stepType, "unknown"); data/eccodes-2.19.1/src/grib_accessor_class_g1step_range.c:329:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[100]; data/eccodes-2.19.1/src/grib_accessor_class_g1step_range.c:335:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char stepType[20] = {0,}; data/eccodes-2.19.1/src/grib_accessor_class_g1step_range.c:341:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char step_unit_string[10]; data/eccodes-2.19.1/src/grib_accessor_class_g1step_range.c:371:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(stepType, "unknown"); data/eccodes-2.19.1/src/grib_accessor_class_g1step_range.c:379:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%ld", start); data/eccodes-2.19.1/src/grib_accessor_class_g1step_range.c:385:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(buf, "%ld", start); data/eccodes-2.19.1/src/grib_accessor_class_g1step_range.c:400:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%ld", theEnd); data/eccodes-2.19.1/src/grib_accessor_class_g1step_range.c:403:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%ld-%ld", start, theEnd); data/eccodes-2.19.1/src/grib_accessor_class_g1step_range.c:418:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(val, buf, size); data/eccodes-2.19.1/src/grib_accessor_class_g1step_range.c:487:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char stepType[20] = {0,}; data/eccodes-2.19.1/src/grib_accessor_class_g1step_range.c:496:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(stepType, "unknown"); data/eccodes-2.19.1/src/grib_accessor_class_g1step_range.c:656:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[256]; data/eccodes-2.19.1/src/grib_accessor_class_g1step_range.c:658:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sval[100] = { 0 }; data/eccodes-2.19.1/src/grib_accessor_class_g1step_range.c:662:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char stepType[20] = {0,}; data/eccodes-2.19.1/src/grib_accessor_class_g1step_range.c:673:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(stepType, "unknown"); data/eccodes-2.19.1/src/grib_accessor_class_g1step_range.c:681:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buff, "%ld", *val); data/eccodes-2.19.1/src/grib_accessor_class_g1step_range.c:698:21: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buff, "%ld", *val); data/eccodes-2.19.1/src/grib_accessor_class_g1step_range.c:718:21: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buff, "%ld", *val); data/eccodes-2.19.1/src/grib_accessor_class_g1step_range.c:733:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buff[100]; data/eccodes-2.19.1/src/grib_accessor_class_g2_aerosol.c:175:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char stepType[15] = {0,}; data/eccodes-2.19.1/src/grib_accessor_class_g2_chemical.c:175:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char stepType[15] = {0,}; data/eccodes-2.19.1/src/grib_accessor_class_g2_eps.c:186:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char stepType[15] = {0,}; data/eccodes-2.19.1/src/grib_accessor_class_g2_mars_labeling.c:231:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char stepType[30] = {0,}; data/eccodes-2.19.1/src/grib_accessor_class_g2end_step.c:246:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char strExpVer[50] = {0,}; data/eccodes-2.19.1/src/grib_accessor_class_g2level.c:165:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pressure_units[10] = {0,}; data/eccodes-2.19.1/src/grib_accessor_class_g2level.c:246:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pressure_units[10] = {0,}; data/eccodes-2.19.1/src/grib_accessor_class_g2level.c:293:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pressure_units[10] = {0,}; data/eccodes-2.19.1/src/grib_accessor_class_g2step_range.c:162:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[100]; data/eccodes-2.19.1/src/grib_accessor_class_g2step_range.c:172:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%ld", start); data/eccodes-2.19.1/src/grib_accessor_class_g2step_range.c:180:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(buf, "%ld", theEnd); data/eccodes-2.19.1/src/grib_accessor_class_g2step_range.c:183:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%ld-%ld", start, theEnd); data/eccodes-2.19.1/src/grib_accessor_class_g2step_range.c:194:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(val, buf, size); data/eccodes-2.19.1/src/grib_accessor_class_g2step_range.c:239:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[100]; data/eccodes-2.19.1/src/grib_accessor_class_g2step_range.c:242:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buff, "%ld", *val); data/eccodes-2.19.1/src/grib_accessor_class_g2step_range.c:248:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[100]; data/eccodes-2.19.1/src/grib_accessor_class_gaussian_grid_name.c:162:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char tmp[MAX_GRIDNAME_LEN] = {0,}; data/eccodes-2.19.1/src/grib_accessor_class_gaussian_grid_name.c:176:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tmp, "O%ld", N); data/eccodes-2.19.1/src/grib_accessor_class_gaussian_grid_name.c:179:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tmp, "N%ld", N); data/eccodes-2.19.1/src/grib_accessor_class_gaussian_grid_name.c:184:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tmp, "F%ld", N); data/eccodes-2.19.1/src/grib_accessor_class_gen.c:156:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[1024]; data/eccodes-2.19.1/src/grib_accessor_class_gen.c:254:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(val, buf + offset, length); data/eccodes-2.19.1/src/grib_accessor_class_gen.c:287:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char val[1024]; data/eccodes-2.19.1/src/grib_accessor_class_gen.c:320:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char val[1024]; data/eccodes-2.19.1/src/grib_accessor_class_gen.c:347:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(v, "%g", val); data/eccodes-2.19.1/src/grib_accessor_class_gen.c:357:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(v, "%ld", val); data/eccodes-2.19.1/src/grib_accessor_class_gen.c:412:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[1024]; data/eccodes-2.19.1/src/grib_accessor_class_group.c:241:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char val[1024] = {0,}; data/eccodes-2.19.1/src/grib_accessor_class_group.c:269:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char val[1024]; data/eccodes-2.19.1/src/grib_accessor_class_gts_header.c:161:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(val, "missing"); data/eccodes-2.19.1/src/grib_accessor_class_gts_header.c:170:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(val, h->gts_header + offset, length); data/eccodes-2.19.1/src/grib_accessor_class_hash_array.c:163:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[200] = {0,}; data/eccodes-2.19.1/src/grib_accessor_class_hash_array.c:164:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s, "%g", *val); data/eccodes-2.19.1/src/grib_accessor_class_hash_array.c:173:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[200] = {0,}; data/eccodes-2.19.1/src/grib_accessor_class_hash_array.c:174:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s, "%ld", *val); data/eccodes-2.19.1/src/grib_accessor_class_julian_date.c:73:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sep[5]; data/eccodes-2.19.1/src/grib_accessor_class_julian_date.c:354:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(val, "%04ld%c%02ld%c%02ld%c%02ld%c%02ld%c%02ld", year, sep[0], month, sep[1], day, sep[2], hour, sep[3], minute, sep[4], second); data/eccodes-2.19.1/src/grib_accessor_class_julian_date.c:357:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(val, "%04ld%02ld%02ld%c%02ld%02ld%02ld", year, month, day, sep[0], hour, minute, second); data/eccodes-2.19.1/src/grib_accessor_class_julian_date.c:360:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(val, "%04ld%02ld%02ld%02ld%02ld%02ld", year, month, day, hour, minute, second); data/eccodes-2.19.1/src/grib_accessor_class_julian_date.c:478:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[1024]; data/eccodes-2.19.1/src/grib_accessor_class_ksec1expver.c:146:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char expver[5]; data/eccodes-2.19.1/src/grib_accessor_class_ksec1expver.c:147:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char refexpver[5]; data/eccodes-2.19.1/src/grib_accessor_class_ksec1expver.c:210:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sval[5] = {0,}; data/eccodes-2.19.1/src/grib_accessor_class_ksec1expver.c:212:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(sval, "%04d", (int)(*val)); data/eccodes-2.19.1/src/grib_accessor_class_library_version.c:132:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char result[30] = {0,}; data/eccodes-2.19.1/src/grib_accessor_class_library_version.c:139:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(result, "%d.%d.%d", major, minor, revision); data/eccodes-2.19.1/src/grib_accessor_class_local_definition.c:197:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char stepType[15] = {0,}; data/eccodes-2.19.1/src/grib_accessor_class_long.c:148:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char repres[1024]; data/eccodes-2.19.1/src/grib_accessor_class_long.c:157:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(repres, "MISSING"); data/eccodes-2.19.1/src/grib_accessor_class_long.c:159:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(repres, "%ld", val); data/eccodes-2.19.1/src/grib_accessor_class_lookup.c:164:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char bytes[1024] = {0,}; data/eccodes-2.19.1/src/grib_accessor_class_lookup.c:165:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[1024] = {0,}; data/eccodes-2.19.1/src/grib_accessor_class_lookup.c:166:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[2048]; data/eccodes-2.19.1/src/grib_accessor_class_lookup.c:190:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
unsigned char bytes[1024] = {0,}; data/eccodes-2.19.1/src/grib_accessor_class_lookup.c:209:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[5]; data/eccodes-2.19.1/src/grib_accessor_class_lookup.c:210:24: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. int conv = sprintf(str, "%ld", lval); data/eccodes-2.19.1/src/grib_accessor_class_mars_param.c:206:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(val, "%ld.%ld", param, table); data/eccodes-2.19.1/src/grib_accessor_class_mars_step.c:148:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char stepType[100]; data/eccodes-2.19.1/src/grib_accessor_class_mars_step.c:150:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[100] = {0,}; data/eccodes-2.19.1/src/grib_accessor_class_mars_step.c:175:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[100] = {0,}; data/eccodes-2.19.1/src/grib_accessor_class_mars_step.c:210:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[100] = {0,}; data/eccodes-2.19.1/src/grib_accessor_class_mars_step.c:213:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buff, "%ld", *val); data/eccodes-2.19.1/src/grib_accessor_class_md5.c:223:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(mess, grib_handle_of_accessor(a)->buffer->data + offset, length); data/eccodes-2.19.1/src/grib_accessor_class_message_copy.c:163:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(val, grib_handle_of_accessor(a)->buffer->data, slen); data/eccodes-2.19.1/src/grib_accessor_class_non_alpha.c:216:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char val[1024] = {0,}; data/eccodes-2.19.1/src/grib_accessor_class_non_alpha.c:244:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char val[1024]; data/eccodes-2.19.1/src/grib_accessor_class_offset_file.c:153:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char repres[1024]; data/eccodes-2.19.1/src/grib_accessor_class_offset_file.c:157:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(repres, "%.0f", val); data/eccodes-2.19.1/src/grib_accessor_class_proj_string.c:186:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(result, "+R=%lf", major); /* spherical */ data/eccodes-2.19.1/src/grib_accessor_class_proj_string.c:188:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(result, "+a=%lf +b=%lf", major, minor); /*oblate*/ data/eccodes-2.19.1/src/grib_accessor_class_proj_string.c:195:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char shape[64] = {0,}; data/eccodes-2.19.1/src/grib_accessor_class_proj_string.c:223:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char shape[64] = {0,}; data/eccodes-2.19.1/src/grib_accessor_class_proj_string.c:244:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char shape[64] = {0,}; data/eccodes-2.19.1/src/grib_accessor_class_proj_string.c:264:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char shape[64] = {0,}; data/eccodes-2.19.1/src/grib_accessor_class_proj_string.c:284:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char shape[64] = {0,}; data/eccodes-2.19.1/src/grib_accessor_class_proj_string.c:316:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char grid_type[64] = {0,}; data/eccodes-2.19.1/src/grib_accessor_class_proj_string.c:330:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(v, "EPSG:4326"); data/eccodes-2.19.1/src/grib_accessor_class_raw.c:202:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(buffer, grib_handle_of_accessor(a)->buffer->data + a->offset, *len);
data/eccodes-2.19.1/src/grib_accessor_class_round.c:163:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char result[1024];
data/eccodes-2.19.1/src/grib_accessor_class_round.c:171:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(result, "%.3f", value);
data/eccodes-2.19.1/src/grib_accessor_class_section_pointer.c:187:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(v, "%ld_%ld", grib_byte_offset(a), grib_byte_count(a));
data/eccodes-2.19.1/src/grib_accessor_class_sexagesimal2decimal.c:159:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buff[512] = {0,};
data/eccodes-2.19.1/src/grib_accessor_class_sexagesimal2decimal.c:184:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
dd = atoi(q);
data/eccodes-2.19.1/src/grib_accessor_class_sexagesimal2decimal.c:195:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
mm = atoi(q) / 60.0;
data/eccodes-2.19.1/src/grib_accessor_class_sexagesimal2decimal.c:204:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
mm = atoi(q) / 60.0;
data/eccodes-2.19.1/src/grib_accessor_class_sexagesimal2decimal.c:212:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
mm = atoi(q) / 60.0;
data/eccodes-2.19.1/src/grib_accessor_class_sexagesimal2decimal.c:257:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buff, "%.2f", dd);
data/eccodes-2.19.1/src/grib_accessor_class_smart_table.c:224:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char name[2048] = {0,};
data/eccodes-2.19.1/src/grib_accessor_class_smart_table.c:225:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char recomposed[1024] = {0,};
data/eccodes-2.19.1/src/grib_accessor_class_smart_table.c:226:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char localRecomposed[1024] = {0,};
data/eccodes-2.19.1/src/grib_accessor_class_smart_table.c:228:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char extraRecomposed[1024] = {0,};
data/eccodes-2.19.1/src/grib_accessor_class_smart_table.c:230:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char localName[2048] = {0,};
data/eccodes-2.19.1/src/grib_accessor_class_smart_table.c:231:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char masterDir[1024] = {0,};
data/eccodes-2.19.1/src/grib_accessor_class_smart_table.c:232:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char localDir[1024] = {0,};
data/eccodes-2.19.1/src/grib_accessor_class_smart_table.c:233:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char extraDir[1024] = {0,};
data/eccodes-2.19.1/src/grib_accessor_class_smart_table.c:234:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char extraTable[2048] = {0,};
data/eccodes-2.19.1/src/grib_accessor_class_smart_table.c:310:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char line[1024] = {0,};
data/eccodes-2.19.1/src/grib_accessor_class_smart_table.c:368:16: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
code = atol(s);
data/eccodes-2.19.1/src/grib_accessor_class_smart_table.c:441:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char tmp[1024];
data/eccodes-2.19.1/src/grib_accessor_class_smart_table.c:455:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%d", (int)value);
data/eccodes-2.19.1/src/grib_accessor_class_smart_table_column.c:194:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char tmp[1024] = {0,};
data/eccodes-2.19.1/src/grib_accessor_class_smart_table_column.c:230:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%d", (int)code[i]);
data/eccodes-2.19.1/src/grib_accessor_class_smart_table_column.c:285:22: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
val[i] = atol(table->entries[code[i]].column[self->index]);
data/eccodes-2.19.1/src/grib_accessor_class_sprintf.c:148:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char result[1024];
data/eccodes-2.19.1/src/grib_accessor_class_sprintf.c:149:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char tempBuffer[2048];
data/eccodes-2.19.1/src/grib_accessor_class_sprintf.c:150:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char sres[1024];
data/eccodes-2.19.1/src/grib_accessor_class_step_human_readable.c:172:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(result, "%ldh %ldm %lds", hour, minute, second);
data/eccodes-2.19.1/src/grib_accessor_class_step_human_readable.c:174:21: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
if (minute) sprintf(result, "%ldh %ldm", hour, minute);
data/eccodes-2.19.1/src/grib_accessor_class_step_human_readable.c:175:14: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
else sprintf(result, "%ldh", hour);
data/eccodes-2.19.1/src/grib_accessor_class_time.c:235:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(val, "%04ld", v);
data/eccodes-2.19.1/src/grib_accessor_class_to_double.c:206:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buff[512] = {0,};
data/eccodes-2.19.1/src/grib_accessor_class_to_double.c:226:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(val, buff + self->start, length);
data/eccodes-2.19.1/src/grib_accessor_class_to_double.c:253:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char val[1024] = {0,};
data/eccodes-2.19.1/src/grib_accessor_class_to_double.c:273:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char val[1024] = {0,};
data/eccodes-2.19.1/src/grib_accessor_class_to_integer.c:201:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buff[512] = {0,};
data/eccodes-2.19.1/src/grib_accessor_class_to_integer.c:221:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(val, buff + self->start, length);
data/eccodes-2.19.1/src/grib_accessor_class_to_integer.c:247:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char val[1024] = {0,};
data/eccodes-2.19.1/src/grib_accessor_class_to_string.c:201:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buff[512] = {0,};
data/eccodes-2.19.1/src/grib_accessor_class_to_string.c:221:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(val, buff + self->start, length);
data/eccodes-2.19.1/src/grib_accessor_class_to_string.c:247:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char val[1024] = {0,};
data/eccodes-2.19.1/src/grib_accessor_class_trim.c:157:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char input[256] = {0,};
data/eccodes-2.19.1/src/grib_accessor_class_trim.c:173:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char input[256] = {0,};
data/eccodes-2.19.1/src/grib_accessor_class_trim.c:176:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buf[256] = {0,};
data/eccodes-2.19.1/src/grib_accessor_class_variable.c:174:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char tmp[1024];
data/eccodes-2.19.1/src/grib_accessor_class_variable.c:303:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buf[80];
data/eccodes-2.19.1/src/grib_accessor_class_variable.c:311:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p, "%g", self->dval);
data/eccodes-2.19.1/src/grib_api.h:1622:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char ident[9];
data/eccodes-2.19.1/src/grib_api_internal.h:823:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char shortName[128];
data/eccodes-2.19.1/src/grib_api_internal.h:824:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char units[128];
data/eccodes-2.19.1/src/grib_api_internal.h:1166:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char value[80];
data/eccodes-2.19.1/src/grib_api_internal.h:1368:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char value[STRING_VALUE_LEN];
data/eccodes-2.19.1/src/grib_api_internal.h:1478:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
unsigned char in[64];
data/eccodes-2.19.1/src/grib_bits_any_endian.c:98:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char str[512] = {0,};
data/eccodes-2.19.1/src/grib_bits_any_endian.c:104:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(s, string, strlen(string));
data/eccodes-2.19.1/src/grib_bits_any_endian.c:114:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(p, str, numberOfCharacters);
data/eccodes-2.19.1/src/grib_bits_any_endian.c:147:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(string, bitStream + byteOffset, numberOfCharacters);
data/eccodes-2.19.1/src/grib_bits_fast_big_endian.c:68:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(p, string, numberOfCharacters);
data/eccodes-2.19.1/src/grib_bits_fast_big_endian.c:102:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(string, bitStream + byteOffset, numberOfCharacters);
data/eccodes-2.19.1/src/grib_bits_fast_big_endian_vector.c:37:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(x, p + bitpv / 8, sizel * sizeof(*x));
data/eccodes-2.19.1/src/grib_bits_fast_big_endian_vector.c:136:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(x, p + bitpv / 8, sizel * sizeof(*x));
data/eccodes-2.19.1/src/grib_bits_fast_big_endian_vector.c:228:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(x, p + bitpv / 8, sizel * sizeof(*x));
data/eccodes-2.19.1/src/grib_bits_fast_big_endian_vector.c:322:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(p + *bitp, destination, nbytes);
data/eccodes-2.19.1/src/grib_bits_fast_big_endian_vector.c:384:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(p + *bitp, destination, nbytes);
data/eccodes-2.19.1/src/grib_bits_ibmpow_opt.c:183:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
unsigned char c[sizeof(long)]; \
data/eccodes-2.19.1/src/grib_buffer.c:24:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(newdata, b->data, b->length);
data/eccodes-2.19.1/src/grib_buffer.c:87:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(newdata, b->data, b->length);
data/eccodes-2.19.1/src/grib_buffer.c:253:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(buffer->data + offset, data, newsize);
data/eccodes-2.19.1/src/grib_concept_index.c:104:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char s[512] = {0,};
data/eccodes-2.19.1/src/grib_concept_index.c:116:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "%ld", lres);
data/eccodes-2.19.1/src/grib_concept_index.c:121:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "%g", dres);
data/eccodes-2.19.1/src/grib_context.c:230:18: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
long n = atol(getenv("ECCODES_FAIL_IF_LOG_MESSAGE"));
data/eccodes-2.19.1/src/grib_context.c:429:64: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
default_grib_context.io_buffer_size = io_buffer_size ? atoi(io_buffer_size) : 0;
data/eccodes-2.19.1/src/grib_context.c:430:72: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
default_grib_context.no_big_group_split = no_big_group_split ? atoi(no_big_group_split) : 0;
data/eccodes-2.19.1/src/grib_context.c:431:48: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
default_grib_context.no_spd = no_spd ? atoi(no_spd) : 0;
data/eccodes-2.19.1/src/grib_context.c:432:58: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
default_grib_context.keep_matrix = keep_matrix ? atoi(keep_matrix) : 1;
data/eccodes-2.19.1/src/grib_context.c:433:62: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
default_grib_context.write_on_fail = write_on_fail ? atoi(write_on_fail) : 0;
data/eccodes-2.19.1/src/grib_context.c:434:52: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
default_grib_context.no_abort = no_abort ? atoi(no_abort) : 0;
data/eccodes-2.19.1/src/grib_context.c:435:46: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
default_grib_context.debug = debug ? atoi(debug) : 0;
data/eccodes-2.19.1/src/grib_context.c:436:56: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
default_grib_context.gribex_mode_on = gribex ? atoi(gribex) : 0;
data/eccodes-2.19.1/src/grib_context.c:437:78: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
default_grib_context.large_constant_fields = large_constant_fields ? atoi(large_constant_fields) : 0;
data/eccodes-2.19.1/src/grib_context.c:438:60: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
default_grib_context.ieee_packing = ieee_packing ? atoi(ieee_packing) : 0;
data/eccodes-2.19.1/src/grib_context.c:472:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buffer[ECC_PATH_MAXLEN]= {0,};
data/eccodes-2.19.1/src/grib_context.c:482:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buffer[ECC_PATH_MAXLEN]= {0,};
data/eccodes-2.19.1/src/grib_context.c:496:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buffer[ECC_PATH_MAXLEN]= {0,};
data/eccodes-2.19.1/src/grib_context.c:506:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buffer[ECC_PATH_MAXLEN]= {0,};
data/eccodes-2.19.1/src/grib_context.c:519:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buffer[ECC_PATH_MAXLEN];
data/eccodes-2.19.1/src/grib_context.c:527:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buffer[ECC_PATH_MAXLEN];
data/eccodes-2.19.1/src/grib_context.c:548:58: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
default_grib_context.bufrdc_mode = bufrdc_mode ? atoi(bufrdc_mode) : 0;
data/eccodes-2.19.1/src/grib_context.c:549:106: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
default_grib_context.bufr_set_to_missing_if_out_of_range = bufr_set_to_missing_if_out_of_range ? atoi(bufr_set_to_missing_if_out_of_range) : 0;
data/eccodes-2.19.1/src/grib_context.c:550:104: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
default_grib_context.bufr_multi_element_constant_arrays = bufr_multi_element_constant_arrays ? atoi(bufr_multi_element_constant_arrays) : 0;
data/eccodes-2.19.1/src/grib_context.c:551:84: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
default_grib_context.grib_data_quality_checks = grib_data_quality_checks ? atoi(grib_data_quality_checks) : 0;
data/eccodes-2.19.1/src/grib_context.c:552:88: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
default_grib_context.file_pool_max_opened_files = file_pool_max_opened_files ? atoi(file_pool_max_opened_files) : DEFAULT_FILE_POOL_MAX_OPENED_FILES;
data/eccodes-2.19.1/src/grib_context.c:611:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char resolved[ECC_PATH_MAXLEN + 1];
data/eccodes-2.19.1/src/grib_context.c:628:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char path[ECC_PATH_MAXLEN];
data/eccodes-2.19.1/src/grib_context.c:683:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char full[1024] = {0,};
data/eccodes-2.19.1/src/grib_context.c:1016:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char msg[1024];
data/eccodes-2.19.1/src/grib_context.c:1029:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat(msg, " (");
data/eccodes-2.19.1/src/grib_context.c:1034:17: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat(msg, " (");
data/eccodes-2.19.1/src/grib_context.c:1036:17: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat(msg, " )");
data/eccodes-2.19.1/src/grib_context.c:1049:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char msg[1024];
data/eccodes-2.19.1/src/grib_context.c:1207:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buffer[10240];
data/eccodes-2.19.1/src/grib_db.c:225:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char sval[1024];
data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_C.c:156:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(sval, "%.18e", v);
data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_C.c:554:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char value[MAX_STRING_SIZE] = {0,}; /* See ECC-710 */ data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_filter.c:467:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char value[MAX_STRING_SIZE] = {0,}; /* See ECC-710 */ data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_fortran.c:496:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char value[MAX_STRING_SIZE] = {0,}; /* See ECC-710 */ data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_python.c:156:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(sval, "%.18e", v); data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_python.c:509:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char value[MAX_STRING_SIZE] = {0,}; /* See ECC-710 */ data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_C.c:157:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(sval, "CODES_MISSING_LONG"); data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_C.c:159:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(sval, "%ld", v); data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_C.c:166:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(sval, "CODES_MISSING_DOUBLE"); data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_C.c:168:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(sval, "%.18e", v); data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_C.c:861:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sampleName[200] = { 0 }; data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_C.c:873:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(sampleName, "BUFR%ld_local_satellite", edition); data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_C.c:875:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(sampleName, "BUFR%ld_local", edition); data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_C.c:878:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(sampleName, "BUFR%ld", edition); data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_filter.c:800:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sampleName[128] = { 0 }; data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_filter.c:812:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(sampleName, "BUFR%ld_local_satellite", edition); data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_filter.c:814:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(sampleName, "BUFR%ld_local", edition); data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_filter.c:817:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(sampleName, "BUFR%ld", edition); data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_fortran.c:157:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(sval, "CODES_MISSING_LONG"); data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_fortran.c:159:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(sval, "%ld", v); data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_fortran.c:166:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(sval, "CODES_MISSING_DOUBLE"); data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_fortran.c:170:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(sval, "%.18e", v); data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_fortran.c:210:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[256] = {0,}; data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_fortran.c:915:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sampleName[200] = { 0 }; data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_fortran.c:925:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(sampleName, "BUFR%ld_local_satellite", edition); data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_fortran.c:927:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(sampleName, "BUFR%ld_local", edition); data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_fortran.c:930:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(sampleName, "BUFR%ld", edition); data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_python.c:157:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(sval, "CODES_MISSING_LONG"); data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_python.c:159:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(sval, "%ld", v); data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_python.c:166:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(sval, "CODES_MISSING_DOUBLE"); data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_python.c:168:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(sval, "%.18e", v); data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_python.c:859:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sampleName[200] = { 0 }; data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_python.c:869:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(sampleName, "BUFR%ld_local_satellite", edition); data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_python.c:871:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(sampleName, "BUFR%ld_local", edition); data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_python.c:874:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf(sampleName, "BUFR%ld", edition); data/eccodes-2.19.1/src/grib_dumper_class_bufr_simple.c:635:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char value[MAX_STRING_SIZE] = {0,}; /* See ECC-710 */ data/eccodes-2.19.1/src/grib_dumper_class_debug.c:298:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(value, "<error>"); data/eccodes-2.19.1/src/grib_dumper_class_default.c:568:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char type_name[32] = ""; data/eccodes-2.19.1/src/grib_dumper_class_default.c:571:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(type_name, "(int)"); data/eccodes-2.19.1/src/grib_dumper_class_default.c:573:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(type_name, "(double)"); data/eccodes-2.19.1/src/grib_dumper_class_default.c:575:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(type_name, "(str)"); data/eccodes-2.19.1/src/grib_dumper_class_default.c:657:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[512]; data/eccodes-2.19.1/src/grib_dumper_class_grib_encode_C.c:170:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/eccodes-2.19.1/src/grib_dumper_class_grib_encode_C.c:227:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char value[1024]; data/eccodes-2.19.1/src/grib_dumper_class_grib_encode_C.c:309:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char stype[10]; data/eccodes-2.19.1/src/grib_dumper_class_json.c:452:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char value[MAX_STRING_SIZE] = {0,}; /* See ECC-710 */ data/eccodes-2.19.1/src/grib_dumper_class_serialize.c:208:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char value[1024] = {0,}; data/eccodes-2.19.1/src/grib_dumper_class_serialize.c:359:35: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. columns_str = (char*)memcpy(columns_str, pcf, len); data/eccodes-2.19.1/src/grib_dumper_class_serialize.c:361:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). columns = atoi(columns_str); data/eccodes-2.19.1/src/grib_dumper_class_wmo.c:524:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[512]; data/eccodes-2.19.1/src/grib_dumper_class_wmo.c:573:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[50]; data/eccodes-2.19.1/src/grib_dumper_class_wmo.c:577:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(tmp, "%ld-%ld", begin, theEnd); data/eccodes-2.19.1/src/grib_errors.c:95:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char mess[64]; data/eccodes-2.19.1/src/grib_errors.c:96:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(mess,"Unknown error %d",code); data/eccodes-2.19.1/src/grib_expression.c:119:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[1024]; data/eccodes-2.19.1/src/grib_expression_class_accessor.c:117:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mybuf[1024] = {0,}; data/eccodes-2.19.1/src/grib_expression_class_accessor.c:133:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, mybuf + start, e->length); data/eccodes-2.19.1/src/grib_expression_class_accessor.c:137:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(buf, mybuf, *size); data/eccodes-2.19.1/src/grib_expression_class_is_in_dict.c:98:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[1024] = {0,}; data/eccodes-2.19.1/src/grib_expression_class_is_in_dict.c:99:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char key[1024] = {0,}; data/eccodes-2.19.1/src/grib_expression_class_is_in_dict.c:141:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(list, line, strlen(line)); data/eccodes-2.19.1/src/grib_expression_class_is_in_dict.c:162:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mybuf[1024] = {0,}; data/eccodes-2.19.1/src/grib_expression_class_is_in_dict.c:182:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mybuf[1024] = {0,}; data/eccodes-2.19.1/src/grib_expression_class_is_in_dict.c:201:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mybuf[1024] = {0,}; data/eccodes-2.19.1/src/grib_expression_class_is_in_dict.c:215:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%ld", result); data/eccodes-2.19.1/src/grib_expression_class_is_in_list.c:100:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[1024] = {0,}; data/eccodes-2.19.1/src/grib_expression_class_is_in_list.c:161:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mybuf[1024] = {0,}; data/eccodes-2.19.1/src/grib_expression_class_is_in_list.c:181:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mybuf[1024] = {0,}; data/eccodes-2.19.1/src/grib_expression_class_is_in_list.c:200:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mybuf[1024] = {0,}; data/eccodes-2.19.1/src/grib_expression_class_is_in_list.c:214:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%ld", result); data/eccodes-2.19.1/src/grib_expression_class_is_integer.c:106:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mybuf[1024] = {0,}; data/eccodes-2.19.1/src/grib_expression_class_is_integer.c:149:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%ld", lresult); data/eccodes-2.19.1/src/grib_expression_class_is_integer.c:153:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%g", dresult); data/eccodes-2.19.1/src/grib_expression_class_length.c:106:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mybuf[1024] = {0,}; data/eccodes-2.19.1/src/grib_expression_class_length.c:118:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mybuf[1024] = {0,}; data/eccodes-2.19.1/src/grib_expression_class_length.c:131:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mybuf[1024] = {0,}; data/eccodes-2.19.1/src/grib_expression_class_length.c:136:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%ld", (long)strlen(mybuf)); data/eccodes-2.19.1/src/grib_expression_class_string_compare.c:106:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char b1[1024]; data/eccodes-2.19.1/src/grib_expression_class_string_compare.c:108:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char b2[1024]; data/eccodes-2.19.1/src/grib_expression_class_sub_string.c:112:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char v[1024] = {0,}; data/eccodes-2.19.1/src/grib_expression_class_sub_string.c:133:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(v, value + start, length); data/eccodes-2.19.1/src/grib_fieldset.c:231:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sval[1024]; data/eccodes-2.19.1/src/grib_filepool.c:246:28: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file->handle = fopen(file->name, "a"); data/eccodes-2.19.1/src/grib_filepool.c:249:28: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file->handle = fopen(file->name, mode); data/eccodes-2.19.1/src/grib_handle.c:312:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fh = fopen(file, mode); data/eccodes-2.19.1/src/grib_handle.c:382:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char id_str[64] = {0,}; data/eccodes-2.19.1/src/grib_handle.c:414:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(copy, data, size); data/eccodes-2.19.1/src/grib_handle.c:434:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(copy, data, size); data/eccodes-2.19.1/src/grib_handle.c:577:65: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. gm->bitmap_section = (unsigned char*)memcpy(gm->bitmap_section, secbegin, seclen); data/eccodes-2.19.1/src/grib_handle.c:728:65: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. gm->bitmap_section = (unsigned char*)memcpy(gm->bitmap_section, secbegin, seclen); data/eccodes-2.19.1/src/grib_handle.c:784:25: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. if (gts_header) memcpy(gl->gts_header, gts_header, gtslen); data/eccodes-2.19.1/src/grib_handle.c:1017:25: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. if (gts_header) memcpy(gl->gts_header, gts_header, gtslen); data/eccodes-2.19.1/src/grib_handle.c:1140:25: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. if (gts_header) memcpy(gl->gts_header, gts_header, gtslen); data/eccodes-2.19.1/src/grib_handle.c:1206:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, mess, mess_len); data/eccodes-2.19.1/src/grib_handle.c:1222:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, mess, mess_len); data/eccodes-2.19.1/src/grib_handle.c:1286:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
  Make sure destination can always hold the source data.
  memcpy(message, h->buffer->data + section_offset, *len);
data/eccodes-2.19.1/src/grib_handle.c:1300:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(message, h->buffer->data, *len);
data/eccodes-2.19.1/src/grib_handle.c:1380:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strbuf[10];
data/eccodes-2.19.1/src/grib_handle.c:1381:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(strbuf, "%.8d", (int)(h->buffer->ulength + h->gts_header_len - 6));
data/eccodes-2.19.1/src/grib_handle.c:1382:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(h->gts_header, strbuf, 8);
data/eccodes-2.19.1/src/grib_handle.c:1547:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p, sections[i], sections_len[i]);
data/eccodes-2.19.1/src/grib_handle.c:1552:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p, theEnd, 4);
data/eccodes-2.19.1/src/grib_header_compute.c:136:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/eccodes-2.19.1/src/grib_header_compute.c:234:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[5];
data/eccodes-2.19.1/src/grib_ieeefloat.c:449:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&lval, &x, sizeof(long));
data/eccodes-2.19.1/src/grib_ieeefloat.c:457:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&dval, &x, sizeof(long));
data/eccodes-2.19.1/src/grib_ieeefloat.c:464:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char s[8] = {0,};
data/eccodes-2.19.1/src/grib_ieeefloat.c:474:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&fval, s, 4);
data/eccodes-2.19.1/src/grib_ieeefloat.c:477:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&fval, buf, 4);
data/eccodes-2.19.1/src/grib_ieeefloat.c:488:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pval++, s, 8);
data/eccodes-2.19.1/src/grib_ieeefloat.c:490:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(pval++, buf, 8);
data/eccodes-2.19.1/src/grib_ieeefloat.c:525:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char s4[4];
data/eccodes-2.19.1/src/grib_ieeefloat.c:526:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char s8[8];
data/eccodes-2.19.1/src/grib_ieeefloat.c:536:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(s4, &(fval), 4);
data/eccodes-2.19.1/src/grib_ieeefloat.c:540:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, &(fval), 4);
data/eccodes-2.19.1/src/grib_ieeefloat.c:548:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(s8, pval++, 8);
data/eccodes-2.19.1/src/grib_ieeefloat.c:552:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, pval++, 8);
data/eccodes-2.19.1/src/grib_index.c:842:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fh = fopen(filename, "w");
data/eccodes-2.19.1/src/grib_index.c:919:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fh = fopen(filename, "r");
data/eccodes-2.19.1/src/grib_index.c:1000:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024] = {0,};
data/eccodes-2.19.1/src/grib_index.c:1031:21: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "%ld", lval);
data/eccodes-2.19.1/src/grib_index.c:1038:21: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "%g", dval);
data/eccodes-2.19.1/src/grib_index.c:1083:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024] = {0,};
data/eccodes-2.19.1/src/grib_index.c:1166:25: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "%ld", lval);
data/eccodes-2.19.1/src/grib_index.c:1173:25: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "%g", dval);
data/eccodes-2.19.1/src/grib_index.c:1269:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024]={0,};
data/eccodes-2.19.1/src/grib_index.c:1341:22: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  else sprintf(buf,"%ld",lval);
data/eccodes-2.19.1/src/grib_index.c:1346:22: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  else sprintf(buf,"%g",dval);
data/eccodes-2.19.1/src/grib_index.c:1498:27: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  values[i++] = atol(kv->value);
data/eccodes-2.19.1/src/grib_index.c:1566:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(key->value, "%ld", value);
data/eccodes-2.19.1/src/grib_index.c:1598:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(key->value, "%g", value);
data/eccodes-2.19.1/src/grib_index.c:1789:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fh = fopen(filename, "r");
data/eccodes-2.19.1/src/grib_index.c:1988:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[8] = {0,};
data/eccodes-2.19.1/src/grib_index.c:1996:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fh = fopen(filename, "r");
data/eccodes-2.19.1/src/grib_io.c:109:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buffer, tmp, already_read);
data/eccodes-2.19.1/src/grib_io.c:428:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char tmp[32]; /* Should be enough */
data/eccodes-2.19.1/src/grib_io.c:476:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[8];
data/eccodes-2.19.1/src/grib_io.c:505:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char tmp[49]; /* Should be enough */
data/eccodes-2.19.1/src/grib_io.c:506:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[4];
data/eccodes-2.19.1/src/grib_io.c:580:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char skip[4];
data/eccodes-2.19.1/src/grib_io.c:666:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char tmp[36]; /* Should be enough */
data/eccodes-2.19.1/src/grib_io.c:667:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[8];
data/eccodes-2.19.1/src/grib_io.c:941:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char tmp[1024] = {0,}; /* See ECC-735 */
data/eccodes-2.19.1/src/grib_io.c:981:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buffer, tmp, already_read);
data/eccodes-2.19.1/src/grib_io.c:1000:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char tmp[1000] = {0,}; /* Should be enough */
data/eccodes-2.19.1/src/grib_io.c:1029:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buffer, tmp, already_read);
data/eccodes-2.19.1/src/grib_io.c:1048:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char tmp[32] = {0,}; /* Should be enough */
data/eccodes-2.19.1/src/grib_io.c:1081:25: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buffer, tmp, already_read);
data/eccodes-2.19.1/src/grib_io.c:1610:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, m->data, l);
data/eccodes-2.19.1/src/grib_io.c:1719:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(filename, "rb");
data/eccodes-2.19.1/src/grib_iterator_class_gen.c:126:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data2, data + ((size_t)iy) * nx, row_size);
data/eccodes-2.19.1/src/grib_iterator_class_gen.c:127:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data + iy * nx, data + (ny - 1 - iy) * ((size_t)nx), row_size);
data/eccodes-2.19.1/src/grib_iterator_class_gen.c:128:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data + (ny - 1 - iy) * ((size_t)nx), data2, row_size);
data/eccodes-2.19.1/src/grib_iterator_class_gen.c:158:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data, data2, ((size_t)numPoints) * sizeof(double));
data/eccodes-2.19.1/src/grib_jasper_encoding.c:89:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char opts[MAXOPTSSIZE];
data/eccodes-2.19.1/src/grib_jasper_encoding.c:182:9: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(opts, "\nnumgbits=4");
data/eccodes-2.19.1/src/grib_lex.c:2166:22: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  { grib_yylval.lval = atol((const char *)grib_yytext); return INTEGER; }
data/eccodes-2.19.1/src/grib_lex.c:2171:22: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  { grib_yylval.lval = atol((const char *)grib_yytext); return INTEGER; }
data/eccodes-2.19.1/src/grib_loader_from_array.c:119:32: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  lval = atol(strvalue);
data/eccodes-2.19.1/src/grib_loader_from_file.c:31:18: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *value = atol(strvalue);
data/eccodes-2.19.1/src/grib_loader_from_file.c:114:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[1024];
data/eccodes-2.19.1/src/grib_memory.c:73:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[WORD];
data/eccodes-2.19.1/src/grib_memory.c:204:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(q, p, s);
data/eccodes-2.19.1/src/grib_memory.c:338:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(n, p, r->size < s ? r->size : s);
data/eccodes-2.19.1/src/grib_openjpeg_encoding.c:123:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(helper->jpeg_buffer, cio->buffer, helper->jpeg_length);
data/eccodes-2.19.1/src/grib_openjpeg_encoding.c:247:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buffer, &(mstream->pData[mstream->offset]), nb_bytes_read);
data/eccodes-2.19.1/src/grib_openjpeg_encoding.c:267:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(mstream->pData[mstream->offset]), buffer, nb_bytes_write);
data/eccodes-2.19.1/src/grib_parse_utils.c:80:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char loc[1024] = {0,};
data/eccodes-2.19.1/src/grib_parse_utils.c:84:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char val[1024] = {0,};
data/eccodes-2.19.1/src/grib_parse_utils.c:108:25: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(val, "undef");
data/eccodes-2.19.1/src/grib_parse_utils.c:124:29: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(val, "%.12g", dval);
data/eccodes-2.19.1/src/grib_parse_utils.c:129:29: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(val, "%d", (int)lval);
data/eccodes-2.19.1/src/grib_parse_utils.c:184:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sbuf[1024] = {0,};
data/eccodes-2.19.1/src/grib_parse_utils.c:328:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sbuf[1024] = {0,};
data/eccodes-2.19.1/src/grib_parse_utils.c:429:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char loc[1024];
data/eccodes-2.19.1/src/grib_parse_utils.c:438:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[10] = {0,};
data/eccodes-2.19.1/src/grib_parse_utils.c:439:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff1[1024] = {0,};
data/eccodes-2.19.1/src/grib_parse_utils.c:678:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[1024];
data/eccodes-2.19.1/src/grib_query.c:185:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(str, equal + 1, endCondition - equal - 1);
data/eccodes-2.19.1/src/grib_query.c:205:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(condition->left, name + 1, equal - name - 1);
data/eccodes-2.19.1/src/grib_query.c:369:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char attribute_name[200] = {0,};
data/eccodes-2.19.1/src/grib_query.c:529:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name_space[MAX_NAMESPACE_LEN];
data/eccodes-2.19.1/src/grib_query.c:563:28: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  accessor_name = (char*)memcpy(accessor_name, name, size);
data/eccodes-2.19.1/src/grib_query.c:577:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char attribute_name[512] = {0,};
data/eccodes-2.19.1/src/grib_query.c:622:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name_space[MAX_NAMESPACE_LEN];
data/eccodes-2.19.1/src/grib_templates.c:54:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char path[1024];
data/eccodes-2.19.1/src/grib_templates.c:82:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char path[1024];
data/eccodes-2.19.1/src/grib_templates.c:110:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char path[1024];
data/eccodes-2.19.1/src/grib_templates.c:124:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[1024];
data/eccodes-2.19.1/src/grib_templates.c:150:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[1024];
data/eccodes-2.19.1/src/grib_templates.c:177:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[1024];
data/eccodes-2.19.1/src/grib_timer.c:44:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sec[20];
data/eccodes-2.19.1/src/grib_timer.c:45:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char min[20];
data/eccodes-2.19.1/src/grib_timer.c:46:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hou[20];
data/eccodes-2.19.1/src/grib_timer.c:47:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char day[20];
data/eccodes-2.19.1/src/grib_timer.c:52:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(sec, "%ld sec ", n);
data/eccodes-2.19.1/src/grib_timer.c:55:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(min, "%ld min ", n);
data/eccodes-2.19.1/src/grib_timer.c:58:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(hou, "%ld hour ", n);
data/eccodes-2.19.1/src/grib_timer.c:61:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(day, "%ld day ", n);
data/eccodes-2.19.1/src/grib_timer.c:71:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf[80];
data/eccodes-2.19.1/src/grib_timer.c:162:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf[20];
data/eccodes-2.19.1/src/grib_timer.c:176:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cpu[1024] = "";
data/eccodes-2.19.1/src/grib_timer.c:184:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bytes[80];
data/eccodes-2.19.1/src/grib_timer.c:207:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bytes[80];
data/eccodes-2.19.1/src/grib_util.c:60:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char section_length_str[64] = "section0Length";
data/eccodes-2.19.1/src/grib_util.c:61:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char section_offset_str[64] = "offsetSection0";
data/eccodes-2.19.1/src/grib_util.c:76:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(section_length_str, "section%dLength", i);
data/eccodes-2.19.1/src/grib_util.c:81:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(section_offset_str, "offsetSection%d", i);
data/eccodes-2.19.1/src/grib_util.c:99:45: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
p = (unsigned char*)memcpy(p, hand->buffer->data + section_offset[i], section_length[i]);
data/eccodes-2.19.1/src/grib_util.c:110:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(buffer + 15, ((unsigned char*)buffer_to) + 15, 1);
data/eccodes-2.19.1/src/grib_util.c:292:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char s[101];
data/eccodes-2.19.1/src/grib_util.c:293:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char param[101];
data/eccodes-2.19.1/src/grib_util.c:452:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char sample_name[16] = {0,};
data/eccodes-2.19.1/src/grib_util.c:463:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(sample_name, "GRIB%ld", edition);
data/eccodes-2.19.1/src/grib_util.c:581:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char msg[100] = {0,};
data/eccodes-2.19.1/src/grib_util.c:583:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(msg, "Specified to be global (in spec)");
data/eccodes-2.19.1/src/grib_util.c:894:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char name[1024];
data/eccodes-2.19.1/src/grib_util.c:895:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char input_grid_type[100];
data/eccodes-2.19.1/src/grib_util.c:896:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char input_packing_type[100];
data/eccodes-2.19.1/src/grib_util.c:1127:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name, "GRIB%ld", editionNumber);
data/eccodes-2.19.1/src/grib_util.c:1130:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name, "GRIB%ld", editionNumber);
data/eccodes-2.19.1/src/grib_util.c:1577:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
ferror = fopen("error.data", "w");
data/eccodes-2.19.1/src/grib_util.c:1832:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buf[1000] = {0,};
data/eccodes-2.19.1/src/grib_util.c:1849:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(buf, str, q - str);
data/eccodes-2.19.1/src/grib_util.c:2169:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char description[1024] = {0,};
data/eccodes-2.19.1/src/grib_util.c:2170:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char step[32] = "unknown";
data/eccodes-2.19.1/src/grib_value.c:764:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char packingType[50] = {0,};
data/eccodes-2.19.1/src/grib_value.c:1570:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buff[1024] = {0,};
data/eccodes-2.19.1/src/grib_value.c:1727:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
unsigned char ubuff[1024] = {0,};
data/eccodes-2.19.1/src/grib_value.c:1728:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buff[1024] = {0,};
data/eccodes-2.19.1/src/grib_value.c:1791:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char s1[500] = {0,};
data/eccodes-2.19.1/src/grib_value.c:1792:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char s2[500] = {0,};
data/eccodes-2.19.1/src/grib_vdarray.c:23:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char text[100] = {0,};
data/eccodes-2.19.1/src/grib_vdarray.c:27:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(text, " vdarray->v[%lu]", (unsigned long)i);
data/eccodes-2.19.1/src/grib_yacc.c:1968:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char const *grib_yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
data/eccodes-2.19.1/src/grib_yacc.c:2163:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char grib_yymsgbuf[128];
data/eccodes-2.19.1/src/grib_yacc.c:3523:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buf[80]; sprintf(buf,"%ld",(long)(grib_yyvsp[-4].lval)); (grib_yyval.concept_value) = grib_concept_value_new(grib_parser_context,buf,(grib_yyvsp[-1].concept_condition));}
data/eccodes-2.19.1/src/grib_yacc.c:3523:20: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
char buf[80]; sprintf(buf,"%ld",(long)(grib_yyvsp[-4].lval)); (grib_yyval.concept_value) = grib_concept_value_new(grib_parser_context,buf,(grib_yyvsp[-1].concept_condition));}
data/eccodes-2.19.1/src/grib_yacc.c:3530:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buf[80]; sprintf(buf,"%g",(double)(grib_yyvsp[-4].dval)); (grib_yyval.concept_value) = grib_concept_value_new(grib_parser_context,buf,(grib_yyvsp[-1].concept_condition));}
data/eccodes-2.19.1/src/grib_yacc.c:3530:20: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
char buf[80]; sprintf(buf,"%g",(double)(grib_yyvsp[-4].dval)); (grib_yyval.concept_value) = grib_concept_value_new(grib_parser_context,buf,(grib_yyvsp[-1].concept_condition));}
data/eccodes-2.19.1/src/md5.c:284:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(digest, "%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
data/eccodes-2.19.1/src/md5.c:295:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char digest[1024];
data/eccodes-2.19.1/src/md5.c:301:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buffer[10240];
data/eccodes-2.19.1/src/md5.h:24:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
unsigned char bytes[4];
data/eccodes-2.19.1/tests/bits.c:101:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
unsigned char ibm[4];
data/eccodes-2.19.1/tests/bufr_check_descriptors.c:18:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char line[1024] = {0,};
data/eccodes-2.19.1/tests/bufr_check_descriptors.c:30:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
fp = fopen(filename, "r");
data/eccodes-2.19.1/tests/bufr_ecc-517.c:100:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
fout = fopen(outfilename, "wb");
data/eccodes-2.19.1/tests/bufr_extract_headers.c:47:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char value[512] = {0,};
data/eccodes-2.19.1/tests/bufr_get_element.c:33:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
in = fopen(infile, "rb");
data/eccodes-2.19.1/tests/bufr_keys_iter.c:51:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
f = fopen(input_filename, "rb");
data/eccodes-2.19.1/tests/bufr_threads_ecc-604.c:30:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
in = fopen(template_file, "rb");
data/eccodes-2.19.1/tests/bufr_threads_ecc-604.c:34:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
out = fopen(output_file, "wb");
data/eccodes-2.19.1/tests/bufr_threads_ecc-604.c:58:40: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
FILE* devnull = fopen("/dev/null", "w");
data/eccodes-2.19.1/tests/bufr_threads_ecc-604.c:117:27: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
NUM_THREADS = atol(argv[index + 2]);
data/eccodes-2.19.1/tests/bufr_threads_ecc-604.c:118:27: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
FILES_PER_ITERATION = atol(argv[index + 3]);
data/eccodes-2.19.1/tests/bufr_threads_ecc-604.c:172:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char output_file[50];
data/eccodes-2.19.1/tests/bufr_threads_ecc-604.c:175:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char stime[32];
data/eccodes-2.19.1/tests/bufr_threads_ecc-604.c:179:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(output_file, "output/output_file_%ld-%ld.bufr", data->number, i);
data/eccodes-2.19.1/tests/gauss_sub.c:42:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
f1 = fopen(infile1, "rb");
data/eccodes-2.19.1/tests/gauss_sub.c:48:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
f2 = fopen(infile2, "rb");
data/eccodes-2.19.1/tests/grib_bpv_limit.c:47:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char error_msg[100];
data/eccodes-2.19.1/tests/grib_bpv_limit.c:57:20: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
FILE* in = fopen(filename, "rb");
data/eccodes-2.19.1/tests/grib_ccsds_perf.c:27:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
of = fopen(filename, "wb");
data/eccodes-2.19.1/tests/grib_ccsds_perf.c:67:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char packingType[50] = {
data/eccodes-2.19.1/tests/grib_ccsds_perf.c:71:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char param[50] = {
data/eccodes-2.19.1/tests/grib_ccsds_perf.c:74:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char gridType[50] = {
data/eccodes-2.19.1/tests/grib_ccsds_perf.c:77:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char outfilename[255] = {
data/eccodes-2.19.1/tests/grib_ccsds_perf.c:85:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char grid[40] = {
data/eccodes-2.19.1/tests/grib_ccsds_perf.c:88:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char shortName[20] = {
data/eccodes-2.19.1/tests/grib_ccsds_perf.c:92:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char levelType[20] = {
data/eccodes-2.19.1/tests/grib_ccsds_perf.c:119:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
repeatsimple = atoi(argv[iarg++]);
data/eccodes-2.19.1/tests/grib_ccsds_perf.c:120:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
bitsPerValue = atoi(argv[iarg++]);
data/eccodes-2.19.1/tests/grib_ccsds_perf.c:122:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
fin = fopen(finname, "rb");
data/eccodes-2.19.1/tests/grib_ccsds_perf.c:129:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
fout = fopen(ofilename, "ab");
data/eccodes-2.19.1/tests/grib_ccsds_perf.c:131:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
fout = fopen(ofilename, "wb");
data/eccodes-2.19.1/tests/grib_ccsds_perf.c:191:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(grid, "%ld", N);
data/eccodes-2.19.1/tests/grib_ccsds_perf.c:198:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(grid, "%g/%g", Di, Dj);
data/eccodes-2.19.1/tests/grib_double_cmp.c:40:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
in = fopen(filename, "rb");
data/eccodes-2.19.1/tests/grib_ecc-386.c:39:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
in = fopen(argv[1], "rb");
data/eccodes-2.19.1/tests/grib_encode_pthreads.c:58:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
FILE* in = fopen(input_file, "rb");
data/eccodes-2.19.1/tests/grib_encode_pthreads.c:59:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
FILE* out = fopen(output_file, "wb");
data/eccodes-2.19.1/tests/grib_encode_pthreads.c:112:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char output_file[50];
data/eccodes-2.19.1/tests/grib_encode_pthreads.c:116:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(output_file, "temp.grib_encode_pthreads.out_%d-%d.grib", (int)number, i);
data/eccodes-2.19.1/tests/grib_indexing.c:28:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char oShortName[200];
data/eccodes-2.19.1/tests/grib_lam_bf.c:763:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char f[128];
data/eccodes-2.19.1/tests/grib_lam_bf.c:768:22: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
fp = fopen(f, "wb");
data/eccodes-2.19.1/tests/grib_lam_bf.c:781:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char f[128];
data/eccodes-2.19.1/tests/grib_lam_bf.c:789:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char geometry[128];
data/eccodes-2.19.1/tests/grib_lam_bf.c:793:30: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
fp = fopen(f, "rb");
data/eccodes-2.19.1/tests/grib_lam_gp.c:914:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char f[128];
data/eccodes-2.19.1/tests/grib_lam_gp.c:919:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
fp = fopen(f, "wb");
data/eccodes-2.19.1/tests/grib_lam_gp.c:932:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char f[128];
data/eccodes-2.19.1/tests/grib_lam_gp.c:939:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char geometry[128];
data/eccodes-2.19.1/tests/grib_lam_gp.c:942:26: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
fp = fopen(f, "rb");
data/eccodes-2.19.1/tests/grib_multi_from_message.c:28:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char shortName[20] = {
data/eccodes-2.19.1/tests/grib_multi_from_message.c:56:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
f = fopen(filename, "rb");
data/eccodes-2.19.1/tests/grib_nearest_test.c:39:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char param[20] = {0,};
data/eccodes-2.19.1/tests/grib_read_index.c:28:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char oshortName[200];
data/eccodes-2.19.1/tests/grib_threads_ecc-604-encode.c:75:27: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
NUM_THREADS = atol(argv[index + 2]);
data/eccodes-2.19.1/tests/grib_threads_ecc-604-encode.c:76:27: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  FILES_PER_ITERATION = atol(argv[index + 3]);
data/eccodes-2.19.1/tests/grib_threads_ecc-604-encode.c:129:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char output_file[50];
data/eccodes-2.19.1/tests/grib_threads_ecc-604-encode.c:132:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char stime[32];
data/eccodes-2.19.1/tests/grib_threads_ecc-604-encode.c:140:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(output_file, "output/output_file_%ld-%ld.grib", data->number, i);
data/eccodes-2.19.1/tests/grib_threads_ecc-604.c:28:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  in = fopen(template_file, "rb");
data/eccodes-2.19.1/tests/grib_threads_ecc-604.c:31:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out = fopen(output_file, "wb");
data/eccodes-2.19.1/tests/grib_threads_ecc-604.c:72:29: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE* devnull = fopen("/dev/null", "w");
data/eccodes-2.19.1/tests/grib_threads_ecc-604.c:126:27: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  NUM_THREADS = atol(argv[index + 2]);
data/eccodes-2.19.1/tests/grib_threads_ecc-604.c:127:27: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  FILES_PER_ITERATION = atol(argv[index + 3]);
data/eccodes-2.19.1/tests/grib_threads_ecc-604.c:181:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char output_file[50];
data/eccodes-2.19.1/tests/grib_threads_ecc-604.c:184:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char stime[32];
data/eccodes-2.19.1/tests/grib_threads_ecc-604.c:188:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(output_file, "output/output_file_%ld-%ld.grib", data->number, i);
data/eccodes-2.19.1/tests/grib_util_set_spec.c:48:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char gridType[128] = {0,};
data/eccodes-2.19.1/tests/grib_util_set_spec.c:56:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  in = fopen(input_filename, "rb");
data/eccodes-2.19.1/tests/grib_util_set_spec.c:67:11: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out = fopen(output_filename, "wb");
data/eccodes-2.19.1/tests/grib_util_set_spec.c:158:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char gridType[128] = {0,};
data/eccodes-2.19.1/tests/grib_util_set_spec.c:167:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  in = fopen(input_filename, "rb");
data/eccodes-2.19.1/tests/grib_util_set_spec.c:180:11: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out = fopen(output_filename, "wb");
data/eccodes-2.19.1/tests/grib_util_set_spec.c:266:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char gridType[128] = {0,};
data/eccodes-2.19.1/tests/grib_util_set_spec.c:274:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  in = fopen(input_filename,"rb"); Assert(in);
data/eccodes-2.19.1/tests/grib_util_set_spec.c:282:11: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out = fopen(output_filename,"wb"); Assert(out);
data/eccodes-2.19.1/tests/grib_util_set_spec.c:368:23: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  edition = atoi(argv[i + 1]);
data/eccodes-2.19.1/tests/gribex_perf.c:218:8: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  of = fopen(filename,"wb");
data/eccodes-2.19.1/tests/gribex_perf.c:254:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char packingType[50]={0,};
data/eccodes-2.19.1/tests/gribex_perf.c:256:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char param[50]={0,};
data/eccodes-2.19.1/tests/gribex_perf.c:257:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char gridType[50]={0,};
data/eccodes-2.19.1/tests/gribex_perf.c:258:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char outfilename[255]={0,};
data/eccodes-2.19.1/tests/gribex_perf.c:261:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char grid[20]={0,};
data/eccodes-2.19.1/tests/gribex_perf.c:262:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char shortName[20]={0,};
data/eccodes-2.19.1/tests/gribex_perf.c:264:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char levelType[20]={0,};
data/eccodes-2.19.1/tests/gribex_perf.c:265:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[BUFF_SIZE]={0,};
data/eccodes-2.19.1/tests/gribex_perf.c:266:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[BUFF_SIZE]={0,};
data/eccodes-2.19.1/tests/gribex_perf.c:303:16: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  repeatsimple=atoi(argv[iarg++]);
data/eccodes-2.19.1/tests/gribex_perf.c:304:16: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  bitsPerValue=atoi(argv[iarg++]);
data/eccodes-2.19.1/tests/gribex_perf.c:306:9: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fin = fopen(finname,"rb");
data/eccodes-2.19.1/tests/gribex_perf.c:316:11: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fout = fopen(ofilename,"ab");
data/eccodes-2.19.1/tests/gribex_perf.c:318:11: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fout = fopen(ofilename,"wb");
data/eccodes-2.19.1/tests/gribex_perf.c:363:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(grid,"%ld",N);
data/eccodes-2.19.1/tests/gribex_perf.c:370:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(grid,"%g/%g",Di,Dj);
data/eccodes-2.19.1/tests/gribex_perf.c:376:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(grid,"T%ld",J);
data/eccodes-2.19.1/tests/index_orderby.c:26:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char oshortName[200];
data/eccodes-2.19.1/tests/jpeg_perf.c:27:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  of = fopen(filename, "wb");
data/eccodes-2.19.1/tests/jpeg_perf.c:67:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char packingType[50] = {0,};
data/eccodes-2.19.1/tests/jpeg_perf.c:69:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char param[50] = {0,};
data/eccodes-2.19.1/tests/jpeg_perf.c:70:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char gridType[50] = {0,};
data/eccodes-2.19.1/tests/jpeg_perf.c:71:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char outfilename[255] = {0,};
data/eccodes-2.19.1/tests/jpeg_perf.c:77:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char grid[32] = {0,};
data/eccodes-2.19.1/tests/jpeg_perf.c:78:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char shortName[20] = {0,};
data/eccodes-2.19.1/tests/jpeg_perf.c:80:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char levelType[20] = {0,};
data/eccodes-2.19.1/tests/jpeg_perf.c:105:20: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  repeatsimple = atoi(argv[iarg++]);
data/eccodes-2.19.1/tests/jpeg_perf.c:106:20: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  bitsPerValue = atoi(argv[iarg++]);
data/eccodes-2.19.1/tests/jpeg_perf.c:108:11: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fin = fopen(finname, "rb");
data/eccodes-2.19.1/tests/jpeg_perf.c:115:16: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fout = fopen(ofilename, "ab");
data/eccodes-2.19.1/tests/jpeg_perf.c:117:16: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fout = fopen(ofilename, "wb");
data/eccodes-2.19.1/tests/jpeg_perf.c:177:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(grid, "%ld", N);
data/eccodes-2.19.1/tests/jpeg_perf.c:184:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(grid, "%g/%g", Di, Dj);
data/eccodes-2.19.1/tests/laplacian.c:212:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[BUFF_SIZE]={0,};
data/eccodes-2.19.1/tests/laplacian.c:213:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[BUFF_SIZE]={0,};
data/eccodes-2.19.1/tests/laplacian.c:233:9: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fin = fopen(finname,"rb");
data/eccodes-2.19.1/tests/laplacian.c:271:8: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fout=fopen("out_gribex.grib","wb");
data/eccodes-2.19.1/tests/largefile.c:31:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[10];
data/eccodes-2.19.1/tests/largefile.c:38:9: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(argv[1], "r");
data/eccodes-2.19.1/tests/pack_unpack.c:225:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buffer[5000000];
data/eccodes-2.19.1/tests/pack_unpack.c:232:9: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fin = fopen(finname,"rb");
data/eccodes-2.19.1/tests/packing.c:397:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[STRMAXLEN];
data/eccodes-2.19.1/tests/packing.c:402:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  write_grib=atoi(argv[++argi]);
data/eccodes-2.19.1/tests/packing.c:403:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  calculateP=atoi(argv[++argi]);
data/eccodes-2.19.1/tests/packing.c:404:23: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  gribex_grib_compare=atoi(argv[++argi]);
data/eccodes-2.19.1/tests/packing.c:405:10: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  dosort=atoi(argv[++argi]);
data/eccodes-2.19.1/tests/packing.c:406:12: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  noiselev=atoi(argv[++argi]);
data/eccodes-2.19.1/tests/packing.c:410:9: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fin = fopen(finname,"rb");
data/eccodes-2.19.1/tests/packing.c:486:17: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  foutgribex=fopen(foutnamegribex,"wb");
data/eccodes-2.19.1/tests/packing.c:505:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  foutgrib=fopen(foutnamegrib,"wb");
data/eccodes-2.19.1/tests/packing_check.c:211:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buffer[BUFF_SIZE];
data/eccodes-2.19.1/tests/packing_check.c:238:9: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fin = fopen(finname,"rb");
data/eccodes-2.19.1/tests/png_perf.c:27:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  of = fopen(filename, "wb");
data/eccodes-2.19.1/tests/png_perf.c:67:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char packingType[50] = {0,};
data/eccodes-2.19.1/tests/png_perf.c:69:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char param[50] = {0,};
data/eccodes-2.19.1/tests/png_perf.c:70:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char gridType[50] = {0,};
data/eccodes-2.19.1/tests/png_perf.c:71:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char outfilename[255] = {0,};
data/eccodes-2.19.1/tests/png_perf.c:77:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char grid[40] = {0,};
data/eccodes-2.19.1/tests/png_perf.c:78:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char shortName[20] = {0,};
data/eccodes-2.19.1/tests/png_perf.c:80:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char levelType[20] = {0,};
data/eccodes-2.19.1/tests/png_perf.c:105:20: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  repeatsimple = atoi(argv[iarg++]);
data/eccodes-2.19.1/tests/png_perf.c:106:20: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  bitsPerValue = atoi(argv[iarg++]);
data/eccodes-2.19.1/tests/png_perf.c:108:11: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fin = fopen(finname, "rb");
data/eccodes-2.19.1/tests/png_perf.c:115:16: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fout = fopen(ofilename, "ab");
data/eccodes-2.19.1/tests/png_perf.c:117:16: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fout = fopen(ofilename, "wb");
data/eccodes-2.19.1/tests/png_perf.c:177:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(grid, "%ld", N);
data/eccodes-2.19.1/tests/png_perf.c:184:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(grid, "%g/%g", Di, Dj);
data/eccodes-2.19.1/tests/read_any.c:18:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static unsigned char buffer[50000000];
data/eccodes-2.19.1/tests/read_any.c:30:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char gridType[50], levelType[50], level[50], shortName[50];
data/eccodes-2.19.1/tests/read_any.c:41:9: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(filename, "rb");
data/eccodes-2.19.1/tests/so_perf.c:218:8: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  of = fopen(filename,"wb");
data/eccodes-2.19.1/tests/so_perf.c:259:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char packingType[50]={0,};
data/eccodes-2.19.1/tests/so_perf.c:261:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char param[50]={0,};
data/eccodes-2.19.1/tests/so_perf.c:262:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char gridType[50]={0,};
data/eccodes-2.19.1/tests/so_perf.c:263:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char outfilename[255]={0,};
data/eccodes-2.19.1/tests/so_perf.c:269:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char grid[20]={0,};
data/eccodes-2.19.1/tests/so_perf.c:270:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char shortName[20]={0,};
data/eccodes-2.19.1/tests/so_perf.c:272:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char levelType[20]={0,};
data/eccodes-2.19.1/tests/so_perf.c:273:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[BUFF_SIZE]={0,};
data/eccodes-2.19.1/tests/so_perf.c:274:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[BUFF_SIZE]={0,};
data/eccodes-2.19.1/tests/so_perf.c:312:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  repeatsimple=atoi(argv[iarg++]);
data/eccodes-2.19.1/tests/so_perf.c:313:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  bitsPerValue=atoi(argv[iarg++]);
data/eccodes-2.19.1/tests/so_perf.c:315:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fin = fopen(finname,"rb");
data/eccodes-2.19.1/tests/so_perf.c:325:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fout = fopen(ofilename,"ab");
data/eccodes-2.19.1/tests/so_perf.c:327:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fout = fopen(ofilename,"wb");
data/eccodes-2.19.1/tests/so_perf.c:379:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(grid,"%ld",N);
data/eccodes-2.19.1/tests/so_perf.c:386:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(grid,"%g/%g",Di,Dj);
data/eccodes-2.19.1/tests/tests.ecmwf/chemical.c:22:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char varname[NC_MAX_NAME+1];
data/eccodes-2.19.1/tests/tests.ecmwf/chemical.c:97:6: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen("out.grb","w");
data/eccodes-2.19.1/tests/tests.ecmwf/chemical.c:103:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fl = fopen("chemical.log","w");
data/eccodes-2.19.1/tests/tests.ecmwf/compare.c:559:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(rsec4_3,rsec4_1,sizeof(double)*(count+100000));
data/eccodes-2.19.1/tests/tests.ecmwf/compare.c:778:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE* out = fopen(path,"w");
data/eccodes-2.19.1/tests/tests.ecmwf/compare.c:810:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf[1024];
data/eccodes-2.19.1/tests/tests.ecmwf/compatibility.c:3:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[1024*1024*80];
data/eccodes-2.19.1/tests/tests.ecmwf/compatibility.c:14:6: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(argc > 1 ? argv[1]: "data" ,"r");
data/eccodes-2.19.1/tests/tests.ecmwf/compatibility_ex.c:3:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[1024*1024*80];
data/eccodes-2.19.1/tests/tests.ecmwf/compatibility_ex.c:23:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(fname ,"r");
data/eccodes-2.19.1/tests/tests.ecmwf/compatibility_ex.c:34:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  of = fopen(ofname ,"w");
data/eccodes-2.19.1/tests/tests.ecmwf/compatibility_ex.c:49:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  of = fopen(ofname ,"r");
data/eccodes-2.19.1/tests/tests.ecmwf/deserialize.c:21:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(argv[i],"r");
data/eccodes-2.19.1/tests/tests.ecmwf/grib1to2.c:3:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[1024*1024*80];
data/eccodes-2.19.1/tests/tests.ecmwf/grib1to2.c:16:6: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(argc > 1 ? argv[1]: "data" ,"r");
data/eccodes-2.19.1/tests/tests.ecmwf/memory.c:3:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[1024*1024*10];
data/eccodes-2.19.1/tests/tests.ecmwf/memory.c:56:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE* dev_null = fopen("/dev/null","w");
data/eccodes-2.19.1/tests/tests.ecmwf/memory.c:61:6: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(argc > 1 ? argv[1]: "data" ,"r");
data/eccodes-2.19.1/tests/tests.ecmwf/memory.c:126:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[80];
data/eccodes-2.19.1/tests/tests.ecmwf/memory.c:132:24: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  double d; long l; char c[1024]; unsigned char b[1024];
data/eccodes-2.19.1/tests/tests.ecmwf/memory.c:132:47: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  double d; long l; char c[1024]; unsigned char b[1024];
data/eccodes-2.19.1/tests/tests.ecmwf/packing.c:4:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[1024*1024*80];
data/eccodes-2.19.1/tests/tests.ecmwf/packing.c:28:6: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(path ,"r");
data/eccodes-2.19.1/tests/tests.ecmwf/request.c:4:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[1024*1024*10];
data/eccodes-2.19.1/tests/tests.ecmwf/request.c:62:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[80];
data/eccodes-2.19.1/tests/tests.ecmwf/request.c:68:6: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(argc > 1 ? argv[1]: "data" ,"r");
data/eccodes-2.19.1/tests/tests.ecmwf/request.c:92:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char c[1024];
data/eccodes-2.19.1/tests/tests.ecmwf/request.c:117:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[80];
data/eccodes-2.19.1/tests/tests.ecmwf/request.c:118:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char value[80];
data/eccodes-2.19.1/tests/tests.ecmwf/request.c:120:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char gvalue[80] = {0,};
data/eccodes-2.19.1/tests/tests.ecmwf/request.c:121:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char nam[80] = {0,};
data/eccodes-2.19.1/tests/tests.ecmwf/request.c:134:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(value,"oper");
data/eccodes-2.19.1/tests/tests.ecmwf/request.c:137:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(value,"enfo");
data/eccodes-2.19.1/tests/tests.ecmwf/request.c:140:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(value,"supd");
data/eccodes-2.19.1/tests/tests.ecmwf/request.c:143:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(value,"wave");
data/eccodes-2.19.1/tests/tests.ecmwf/request.c:146:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(value,"mnth");
data/eccodes-2.19.1/tests/tests.ecmwf/request.c:149:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
Risk is low because the source is a constant string.
  strcpy(value,"cher");
data/eccodes-2.19.1/tests/tests.ecmwf/request.c:152:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(value,"sens");
data/eccodes-2.19.1/tests/tests.ecmwf/request.c:155:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(value,"toga");
data/eccodes-2.19.1/tests/tests.ecmwf/request.c:158:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(value,"msdc");
data/eccodes-2.19.1/tests/tests.ecmwf/sample.c:5:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[1024*1024*20];
data/eccodes-2.19.1/tests/tests.ecmwf/sample.c:49:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ext[5] = {0,};
data/eccodes-2.19.1/tests/tests.ecmwf/sample.c:51:6: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(argc > 1 ? argv[1]: "data" ,"r");
data/eccodes-2.19.1/tests/tests.ecmwf/sample.c:63:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[1024];
data/eccodes-2.19.1/tests/tests.ecmwf/sample.c:75:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(fname,"./");
data/eccodes-2.19.1/tests/tests.ecmwf/sample.c:76:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(fname,"/vol/dataserv/grib_samples/brute_force/");
data/eccodes-2.19.1/tests/tests.ecmwf/sample.c:80:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char val[1024];
data/eccodes-2.19.1/tests/tests.ecmwf/sample.c:84:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
Risk is low because the source is a constant string.
  strcat(fname,"na");
data/eccodes-2.19.1/tests/tests.ecmwf/sample.c:95:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE* out = fopen(fname,"w");
data/eccodes-2.19.1/tests/tests.ecmwf/sample.c:117:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char val[1024];
data/eccodes-2.19.1/tests/tests.ecmwf/sample.c:130:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE* out = fopen(fname,"w");
data/eccodes-2.19.1/tests/tests.ecmwf/serialize.c:9:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[1024*1024*80];
data/eccodes-2.19.1/tests/tests.ecmwf/serialize.c:13:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[1024*1024*80];
data/eccodes-2.19.1/tests/tests.ecmwf/serialize.c:28:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(argc > 1 ? argv[1]: "data" ,"r");
data/eccodes-2.19.1/tests/tests.ecmwf/values.c:3:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[1024*1024*80];
data/eccodes-2.19.1/tests/tests.ecmwf/values.c:17:6: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(path ,"r");
data/eccodes-2.19.1/tests/timing.c:228:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buffer[50000000];
data/eccodes-2.19.1/tests/timing.c:241:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fin = fopen(finname,"rb");
data/eccodes-2.19.1/tests/unit_tests.c:1387:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char input[80] = "Born|To|Be|Wild";
data/eccodes-2.19.1/tests/unit_tests.c:1403:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(input, "12345|a gap|");
data/eccodes-2.19.1/tests/unit_tests.c:1414:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(input, "Steppenwolf");
data/eccodes-2.19.1/tests/unit_tests.c:1463:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char result[1024] = {0,};
data/eccodes-2.19.1/tests/values_to_ascii.c:24:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char format[1024];
data/eccodes-2.19.1/tests/values_to_ascii.c:38:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  in = fopen(argv[1], "rb");
data/eccodes-2.19.1/tests/values_to_ascii.c:51:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(format, "%g ");
data/eccodes-2.19.1/tigge/tigge_accumulations.c:180:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out = fopen(argv[argc-1],"w");
data/eccodes-2.19.1/tigge/tigge_accumulations.c:188:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  in = fopen(argv[i],"rb");
data/eccodes-2.19.1/tigge/tigge_check.c:372:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char stepType[15]={0,};
data/eccodes-2.19.1/tigge/tigge_check.c:379:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char stepRange[100]={0,};
data/eccodes-2.19.1/tigge/tigge_check.c:1104:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strval[256]={0,};
data/eccodes-2.19.1/tigge/tigge_check.c:1186:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char packingType[254] = {0,};
data/eccodes-2.19.1/tigge/tigge_check.c:1409:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *f = fopen(path,"rb");
data/eccodes-2.19.1/tigge/tigge_check.c:1498:25: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fgood = fopen(good,"w");
data/eccodes-2.19.1/tigge/tigge_check.c:1505:24: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fbad = fopen(bad,"w");
data/eccodes-2.19.1/tigge/tigge_name.c:68:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char wmo_name[1024];
data/eccodes-2.19.1/tigge/tigge_name.c:69:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char origin[80];
data/eccodes-2.19.1/tigge/tigge_name.c:70:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char model[80];
data/eccodes-2.19.1/tigge/tigge_name.c:71:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char expver[80];
data/eccodes-2.19.1/tigge/tigge_name.c:72:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char levtype[80];
data/eccodes-2.19.1/tigge/tigge_name.c:73:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char type[80];
data/eccodes-2.19.1/tigge/tigge_name.c:74:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tigge_name[80];
data/eccodes-2.19.1/tigge/tigge_name.c:86:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(levtype,"sl");
data/eccodes-2.19.1/tigge/tigge_name.c:118:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *f = fopen(path,"rb");
data/eccodes-2.19.1/tigge/tigge_split.c:120:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char wmo_name[1024];
data/eccodes-2.19.1/tigge/tigge_split.c:121:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char origin[80];
data/eccodes-2.19.1/tigge/tigge_split.c:122:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char model[80];
data/eccodes-2.19.1/tigge/tigge_split.c:123:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char expver[80];
data/eccodes-2.19.1/tigge/tigge_split.c:124:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char levtype[80];
data/eccodes-2.19.1/tigge/tigge_split.c:125:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char type[80];
data/eccodes-2.19.1/tigge/tigge_split.c:126:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tigge_name[80];
data/eccodes-2.19.1/tigge/tigge_split.c:142:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(levtype,"sl");
data/eccodes-2.19.1/tigge/tigge_split.c:172:9: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(wmo_name,"w");
data/eccodes-2.19.1/tigge/tigge_split.c:187:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *f = fopen(path,"rb");
data/eccodes-2.19.1/tigge/tigge_tools.c:36:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[1024];
data/eccodes-2.19.1/tigge/tigge_tools.c:55:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[1024];
data/eccodes-2.19.1/tools/big2gribex.c:40:11: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  inf = fopen(infile, "r");
data/eccodes-2.19.1/tools/big2gribex.c:46:11: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ouf = fopen(oufile, "w");
data/eccodes-2.19.1/tools/bufr_3to4.c:43:16: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  infh = fopen(filename, "r");
data/eccodes-2.19.1/tools/bufr_3to4.c:50:17: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  outfh = fopen(ofilename, "w");
data/eccodes-2.19.1/tools/bufr_3to4.c:69:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(omesg, mesg, 7);
data/eccodes-2.19.1/tools/bufr_compare.c:134:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[1024] = {0,};
data/eccodes-2.19.1/tools/bufr_compare.c:140:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fh = fopen(fname, "w");
data/eccodes-2.19.1/tools/bufr_compare.c:269:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  start = atoi(grib_options_get_option("S:"));
data/eccodes-2.19.1/tools/bufr_compare.c:272:15: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  end = atoi(grib_options_get_option("E:"));
data/eccodes-2.19.1/tools/bufr_compare.c:346:39: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  options->infile_extra->file = fopen(options->infile_extra->name, "r");
data/eccodes-2.19.1/tools/bufr_compare.c:405:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bufr[2048] = {0,};
data/eccodes-2.19.1/tools/bufr_compare.c:662:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(sval, "MISSING");
data/eccodes-2.19.1/tools/bufr_compare.c:664:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(sval, "%.20e", v);
data/eccodes-2.19.1/tools/bufr_copy.c:70:34: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  options->outfile->file = fopen(options->outfile->name,"w");
data/eccodes-2.19.1/tools/bufr_dump.c:233:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[1024];
data/eccodes-2.19.1/tools/bufr_dump.c:281:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char generator_name[32];
data/eccodes-2.19.1/tools/bufr_dump.c:284:13: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(generator_name, "-Dfilter");
data/eccodes-2.19.1/tools/bufr_dump.c:288:13: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(generator_name, "-Efilter");
data/eccodes-2.19.1/tools/bufr_dump.c:533:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[1024];
data/eccodes-2.19.1/tools/bufr_dump.c:534:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmp, "MESSAGE %d ( length=%ld )", options->handle_count, length);
data/eccodes-2.19.1/tools/bufr_set.c:84:34: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  options->outfile->file = fopen(options->outfile->name,"w");
data/eccodes-2.19.1/tools/bufr_split_by_rdbSubtype.c:117:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ofilename[2048] = {0,};
data/eccodes-2.19.1/tools/bufr_split_by_rdbSubtype.c:143:19: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out = fopen(ofilename, "ab");
data/eccodes-2.19.1/tools/bufr_split_by_rdbSubtype.c:191:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  infh = fopen(filename, "rb");
data/eccodes-2.19.1/tools/codes_count.c:114:20: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  infh = fopen(filename, "rb");
data/eccodes-2.19.1/tools/codes_split_file.c:62:11: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out = fopen(ofilename, "w");
data/eccodes-2.19.1/tools/codes_split_file.c:91:23: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out = fopen(ofilename, "w");
data/eccodes-2.19.1/tools/codes_split_file.c:134:15: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  nchunks = atoi(argv[i]);
data/eccodes-2.19.1/tools/codes_split_file.c:146:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  infh = fopen(filename, "rb");
data/eccodes-2.19.1/tools/compile.c:17:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char path[1024];
data/eccodes-2.19.1/tools/compile.c:18:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[1024];
data/eccodes-2.19.1/tools/compile.c:42:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[1024];
data/eccodes-2.19.1/tools/compile.c:54:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(name, "grib_");
data/eccodes-2.19.1/tools/deprecated/dump.c:202:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *f = fopen(file,"r");
data/eccodes-2.19.1/tools/deprecated/dump.c:203:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *o = fopen(out,"w");
data/eccodes-2.19.1/tools/deprecated/dump.c:209:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char identifier[10];
data/eccodes-2.19.1/tools/deprecated/grib_add.c:38:8: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out = fopen(argv[argc-1],"w");
data/eccodes-2.19.1/tools/deprecated/grib_add.c:47:8: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  in = fopen(argv[i],"r");
data/eccodes-2.19.1/tools/deprecated/grib_cmp.c:31:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buff1[1000000];
data/eccodes-2.19.1/tools/deprecated/grib_cmp.c:32:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buff2[1000000];
data/eccodes-2.19.1/tools/deprecated/grib_cmp.c:42:8: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f1 = fopen(file1,"r");
data/eccodes-2.19.1/tools/deprecated/grib_cmp.c:45:8: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f2 = fopen(file2,"r");
data/eccodes-2.19.1/tools/deprecated/grib_corruption_check.c:29:5: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fh=fopen(argv[1],"r");
data/eccodes-2.19.1/tools/deprecated/grib_diff.c:341:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *f1 = fopen(file1,"r");
data/eccodes-2.19.1/tools/deprecated/grib_diff.c:342:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *f2 = fopen(file2,"r");
data/eccodes-2.19.1/tools/deprecated/grib_distance.c:49:8: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  in1 = fopen(argv[1],"r");
data/eccodes-2.19.1/tools/deprecated/grib_distance.c:55:8: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  in2 = fopen(argv[2],"r");
data/eccodes-2.19.1/tools/deprecated/grib_error.c:156:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *f1 = fopen(file1,"r");
data/eccodes-2.19.1/tools/deprecated/grib_error.c:157:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *f2 = fopen(file2,"r");
data/eccodes-2.19.1/tools/deprecated/grib_error.c:226:19: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out = fopen(outname,"w");
data/eccodes-2.19.1/tools/deprecated/grib_gen.c:42:7: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(infname,"r");
data/eccodes-2.19.1/tools/deprecated/grib_gen.c:62:8: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  of = fopen(ofname,"w");
data/eccodes-2.19.1/tools/deprecated/grib_keys.c:36:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[1024];
data/eccodes-2.19.1/tools/deprecated/grib_keys.c:56:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/eccodes-2.19.1/tools/deprecated/grib_keys.c:107:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char paths[MAX_PLEN];
data/eccodes-2.19.1/tools/deprecated/grib_moments.c:55:8: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  split=atoi(argv[1]);
data/eccodes-2.19.1/tools/deprecated/grib_moments.c:56:8: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  order=atoi(argv[2]);
data/eccodes-2.19.1/tools/deprecated/grib_moments.c:58:5: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f1=fopen(argv[3],"r");
data/eccodes-2.19.1/tools/deprecated/grib_moments.c:64:5: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f2=fopen(argv[4],"r");
data/eccodes-2.19.1/tools/deprecated/grib_packing.c:75:12: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  bits = atol(optarg);
data/eccodes-2.19.1/tools/deprecated/grib_packing.c:79:14: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  dscale = atol(optarg);
data/eccodes-2.19.1/tools/deprecated/grib_points.c:98:7: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f=fopen(options->latlon_mask,"r");
data/eccodes-2.19.1/tools/gaussian.c:32:13: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  n = atol(argv[1]);
data/eccodes-2.19.1/tools/gg_sub_area_check.c:46:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f1 = fopen(infile1, "r");
data/eccodes-2.19.1/tools/gg_sub_area_check.c:52:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f2 = fopen(infile2, "r");
data/eccodes-2.19.1/tools/grib2ppm.c:71:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/eccodes-2.19.1/tools/grib2ppm.c:92:25: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(argv[i + 1], "r");
data/eccodes-2.19.1/tools/grib2ppm.c:102:29: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  r = atol(buf);
data/eccodes-2.19.1/tools/grib2ppm.c:104:29: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  g = atol(buf);
data/eccodes-2.19.1/tools/grib2ppm.c:106:29: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  b = atol(buf);
data/eccodes-2.19.1/tools/grib2ppm.c:126:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(argv[i], "r");
data/eccodes-2.19.1/tools/grib_2_request.c:25:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[80];
data/eccodes-2.19.1/tools/grib_2_request.c:26:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char value[80];
data/eccodes-2.19.1/tools/grib_2_request.c:35:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(argv[i], "r");
data/eccodes-2.19.1/tools/grib_2_request.c:45:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[100];
data/eccodes-2.19.1/tools/grib_check_gaussian_grid.c:50:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024] = {0,};
data/eccodes-2.19.1/tools/grib_check_gaussian_grid.c:97:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  in = fopen(filename, "r");
data/eccodes-2.19.1/tools/grib_check_gaussian_grid.c:112:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char gridType[128] = {0,};
data/eccodes-2.19.1/tools/grib_compare.c:198:20: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  theStart = atoi(grib_options_get_option("S:"));
data/eccodes-2.19.1/tools/grib_compare.c:201:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  theEnd = atoi(grib_options_get_option("E:"));
data/eccodes-2.19.1/tools/grib_compare.c:266:39: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  options->infile_extra->file = fopen(options->infile_extra->name, "r");
data/eccodes-2.19.1/tools/grib_compare.c:336:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bufr[2048] = {0,};
data/eccodes-2.19.1/tools/grib_compare.c:361:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char shortName[254] = {0,};
data/eccodes-2.19.1/tools/grib_compare.c:362:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char levelType[254] = {0,};
data/eccodes-2.19.1/tools/grib_compare.c:363:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char level[254] = {0,};
data/eccodes-2.19.1/tools/grib_compare.c:364:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char paramId[254] = {0,};
data/eccodes-2.19.1/tools/grib_compare.c:365:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char packingType[254] = {0,};
data/eccodes-2.19.1/tools/grib_compare.c:366:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char gridType[254] = {0,};
data/eccodes-2.19.1/tools/grib_compare.c:367:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char identifier[254] = {0,};
data/eccodes-2.19.1/tools/grib_compare.c:369:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char stepRange[254] = {0,};
data/eccodes-2.19.1/tools/grib_compare.c:853:25: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf1[128] = {0,}; /* buffers to store the binary representation of codeflags */
data/eccodes-2.19.1/tools/grib_compare.c:854:25: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf2[128] = {0,};
data/eccodes-2.19.1/tools/grib_copy.c:74:34: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  options->outfile->file = fopen(options->outfile->name,"w");
data/eccodes-2.19.1/tools/grib_dump.c:126:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[1024];
data/eccodes-2.19.1/tools/grib_dump.c:211:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[1024];
data/eccodes-2.19.1/tools/grib_dump.c:212:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char identifier[100];
data/eccodes-2.19.1/tools/grib_dump.c:214:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmp, "MESSAGE %d ( length=%ld )", options->handle_count, length);
data/eccodes-2.19.1/tools/grib_get.c:112:19: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE* f = fopen(options->latlon_mask, "r");
data/eccodes-2.19.1/tools/grib_get_data.c:293:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char value[MAX_STRING_LEN] = {0,};
data/eccodes-2.19.1/tools/grib_get_data.c:302:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(value, "MISSING");
data/eccodes-2.19.1/tools/grib_get_data.c:316:21: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(value, "%g", options->print_keys[i].double_value);
data/eccodes-2.19.1/tools/grib_get_data.c:321:21: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(value, "%ld", (long)options->print_keys[i].long_value);
data/eccodes-2.19.1/tools/grib_histogram.c:152:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char v[1024];
data/eccodes-2.19.1/tools/grib_ls.c:140:30: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE* f = fopen(options->latlon_mask, "r");
data/eccodes-2.19.1/tools/grib_ls.c:225:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char value[MAX_STRING_LEN];
data/eccodes-2.19.1/tools/grib_ls.c:288:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char grid_type[100];
data/eccodes-2.19.1/tools/grib_ls.c:321:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char value[MAX_STRING_LEN];
data/eccodes-2.19.1/tools/grib_merge.c:115:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s1[100] = {0,};
data/eccodes-2.19.1/tools/grib_merge.c:117:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s2[100] = {0,};
data/eccodes-2.19.1/tools/grib_merge.c:338:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char md5[200] = {0,};
data/eccodes-2.19.1/tools/grib_merge.c:339:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[256] = {0,};
data/eccodes-2.19.1/tools/grib_nearest_land.c:44:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fin = fopen(fname, "r");
data/eccodes-2.19.1/tools/grib_nearest_land.c:96:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fin = fopen(fname, "r");
data/eccodes-2.19.1/tools/grib_nearest_land.c:110:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fin = fopen(fname, "r");
data/eccodes-2.19.1/tools/grib_nearest_land.c:130:17: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fin = fopen(fname, "r");
data/eccodes-2.19.1/tools/grib_options.c:237:29: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  options->index = atoi(grib_options_get_option("i:"));
data/eccodes-2.19.1/tools/grib_options.c:249:34: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  options->infile_offset = atol(grib_options_get_option("X:"));
data/eccodes-2.19.1/tools/grib_options.c:319:40: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  options->default_print_width = atoi(grib_options_get_option("W:"));
data/eccodes-2.19.1/tools/grib_repair.c:20:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[SIZE];
data/eccodes-2.19.1/tools/grib_repair.c:34:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  in = fopen(argv[1], "r");
data/eccodes-2.19.1/tools/grib_repair.c:41:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out = fopen(argv[2], "w");
data/eccodes-2.19.1/tools/grib_repair.c:49:16: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  bad = fopen(argv[3], "w");
data/eccodes-2.19.1/tools/grib_set.c:88:34: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  options->outfile->file = fopen(options->outfile->name,"w");
data/eccodes-2.19.1/tools/grib_to_json.c:154:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(argv[i], "r");
data/eccodes-2.19.1/tools/grib_to_netcdf.c:37:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char argvString[2048] = {0,};
data/eccodes-2.19.1/tools/grib_to_netcdf.c:99:16: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  return atol(l) == atol(r);
data/eccodes-2.19.1/tools/grib_to_netcdf.c:99:27: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  return atol(l) == atol(r);
data/eccodes-2.19.1/tools/grib_to_netcdf.c:388:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[1024];
data/eccodes-2.19.1/tools/grib_to_netcdf.c:535:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[10240];
data/eccodes-2.19.1/tools/grib_to_netcdf.c:548:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[256];
data/eccodes-2.19.1/tools/grib_to_netcdf.c:549:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char value[256];
data/eccodes-2.19.1/tools/grib_to_netcdf.c:569:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(name, "stepUnits");
data/eccodes-2.19.1/tools/grib_to_netcdf.c:1834:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[1024];
data/eccodes-2.19.1/tools/grib_to_netcdf.c:1944:9: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  n = atol(get_value(r, "fcmonth", 0));
data/eccodes-2.19.1/tools/grib_to_netcdf.c:2018:20: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  date = atol(p);
data/eccodes-2.19.1/tools/grib_to_netcdf.c:2039:16: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  time = atol(get_value(r, "time", 0));
data/eccodes-2.19.1/tools/grib_to_netcdf.c:2042:19: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  fcmonth = atol(get_value(r, "fcmonth", 0));
data/eccodes-2.19.1/tools/grib_to_netcdf.c:2105:75: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  setup.deflate = deflate ? ((strcmp(deflate, "none") == 0) ? -1 : atol(deflate)) : -1;
data/eccodes-2.19.1/tools/grib_to_netcdf.c:2107:36: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  setup.refdate = refdate ? atol(refdate) : 19000101;
data/eccodes-2.19.1/tools/grib_to_netcdf.c:2115:51: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  setup.checkvalidtime = checkvalidtime_env ? atol(checkvalidtime_env) : 1;
data/eccodes-2.19.1/tools/grib_to_netcdf.c:2192:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char grid_type[80];
data/eccodes-2.19.1/tools/grib_to_netcdf.c:2211:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char grid_type[80];
data/eccodes-2.19.1/tools/grib_to_netcdf.c:2945:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char u[10240];
data/eccodes-2.19.1/tools/grib_to_netcdf.c:2982:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(u, "days since %ld-%02ld-%02ld 00:00:0.0", setup.refdate / 10000, (setup.refdate % 10000) / 100, (setup.refdate % 100));
data/eccodes-2.19.1/tools/grib_to_netcdf.c:2986:17: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(u, "months");
data/eccodes-2.19.1/tools/grib_to_netcdf.c:2993:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(u, "hours since 0000-00-00 00:00:00.0");
data/eccodes-2.19.1/tools/grib_to_netcdf.c:2996:17: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(u, "hours since %ld-%02ld-%02ld 00:00:00.0", setup.refdate / 10000, (setup.refdate % 10000) / 100, (setup.refdate % 100));
data/eccodes-2.19.1/tools/grib_to_netcdf.c:3000:17: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(u, "hours");
data/eccodes-2.19.1/tools/grib_to_netcdf.c:3012:37: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  long date = d ? atol(d) : 0;
data/eccodes-2.19.1/tools/grib_to_netcdf.c:3013:37: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  long hour = t ? atol(t) : 0;
data/eccodes-2.19.1/tools/grib_to_netcdf.c:3015:17: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(u, "hours since %ld-%02ld-%02ld %02ld:%02ld:00.0", date / 10000, (date % 10000) / 100, (date % 100), hour, min);
data/eccodes-2.19.1/tools/grib_to_netcdf.c:3022:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ymd[32] = "";
data/eccodes-2.19.1/tools/grib_to_netcdf.c:3031:17: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(ymd, "01");
data/eccodes-2.19.1/tools/grib_to_netcdf.c:3034:17: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(ymd, "00-00-00");
data/eccodes-2.19.1/tools/grib_to_netcdf.c:3155:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char par[1024];
data/eccodes-2.19.1/tools/grib_to_netcdf.c:3156:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char val[1024000] = "";
data/eccodes-2.19.1/tools/grib_to_netcdf.c:3175:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char timestamp[80];
data/eccodes-2.19.1/tools/grib_to_netcdf.c:3179:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char history[10240];
data/eccodes-2.19.1/tools/grib_to_netcdf.c:3288:53: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  values[j] = grib_date_to_julian(atol(get_value(cube, axis, j))) - grib_date_to_julian(setup.refdate);
data/eccodes-2.19.1/tools/grib_to_netcdf.c:3295:26: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  lv = atol(sv); /* Detect error? */
data/eccodes-2.19.1/tools/grib_to_netcdf.c:3374:14: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *param = atol(p);
data/eccodes-2.19.1/tools/grib_to_netcdf.c:3380:18: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *table = atol(++p);
data/eccodes-2.19.1/tools/grib_to_netcdf.c:3388:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tbl[4];
data/eccodes-2.19.1/tools/grib_to_netcdf.c:3389:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char par[4];
data/eccodes-2.19.1/tools/grib_to_netcdf.c:3395:22: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *param = atol(par);
data/eccodes-2.19.1/tools/grib_to_netcdf.c:3396:22: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *table = atol(tbl);
data/eccodes-2.19.1/tools/grib_to_netcdf.c:3409:9: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(att->name, "data");
data/eccodes-2.19.1/tools/grib_to_netcdf.c:3436:77: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  long cfgtable = (is_param && tablestr != NULL) ? atol(get_value(cfg, "TABLE2", 0)) : -1;
data/eccodes-2.19.1/tools/grib_to_netcdf.c:3438:38: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  long cfgparam = atol(cfgval);
data/eccodes-2.19.1/tools/grib_to_netcdf.c:3439:38: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  long dataparam = atol(dataval);
data/eccodes-2.19.1/tools/grib_to_netcdf.c:3457:29: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char metapath[1024];
data/eccodes-2.19.1/tools/grib_to_netcdf.c:3494:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1048];
data/eccodes-2.19.1/tools/grib_to_netcdf.c:3563:18: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if (p && atol(p) != 0) {
data/eccodes-2.19.1/tools/grib_to_netcdf.c:3755:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char month[32];
data/eccodes-2.19.1/tools/grib_to_netcdf.c:4067:39: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if (!is_number(theArg) || atol(theArg) < 0 || atol(theArg) > 9) {
data/eccodes-2.19.1/tools/grib_to_netcdf.c:4067:59: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if (!is_number(theArg) || atol(theArg) < 0 || atol(theArg) > 9) {
data/eccodes-2.19.1/tools/grib_to_netcdf.c:4126:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024] = {0,};
data/eccodes-2.19.1/tools/grib_to_netcdf.c:4170:44: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  setup.mmeans = mmeans ? (atol(mmeans) == 1) : FALSE;
data/eccodes-2.19.1/tools/grib_to_netcdf.c:4176:33: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  setup.refdate = atol(get_value(r, "date", 0));
data/eccodes-2.19.1/tools/grib_to_netcdf.c:4180:37: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  setup.refdate = atol(p);
data/eccodes-2.19.1/tools/grib_to_netcdf.c:4314:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[1024]; data/eccodes-2.19.1/tools/grib_to_netcdf.c:4340:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dataset[100]; data/eccodes-2.19.1/tools/grib_tools.c:171:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). dump_file = fopen(global_options.dump_filename, "w"); data/eccodes-2.19.1/tools/grib_tools.c:306:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char iobuf[1024 * 1024]; data/eccodes-2.19.1/tools/grib_tools.c:332:28: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). infile->file = fopen(infile->name, "rb"); data/eccodes-2.19.1/tools/grib_tools.c:589:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[1024]; data/eccodes-2.19.1/tools/grib_tools.c:602:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[1024]; data/eccodes-2.19.1/tools/grib_tools.c:607:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/eccodes-2.19.1/tools/grib_tools.c:799:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char value[MAX_STRING_LEN] = {0,}; data/eccodes-2.19.1/tools/grib_tools.c:914:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(value_str, "MISSING"); data/eccodes-2.19.1/tools/grib_tools.c:918:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(value_str, "not_found"); data/eccodes-2.19.1/tools/grib_tools.c:939:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(value_str, "%ld", lvalue); data/eccodes-2.19.1/tools/grib_tools.c:951:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(value_str, "not_found"); data/eccodes-2.19.1/tools/grib_tools.c:1002:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(value, "%ld...", lval[0]); data/eccodes-2.19.1/tools/grib_tools.c:1011:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(value, "%g...", dval[0]); data/eccodes-2.19.1/tools/grib_tools.c:1020:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(value, "%d...", (short)uval[0]); data/eccodes-2.19.1/tools/grib_tools.c:1036:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char value[MAX_STRING_LEN]; data/eccodes-2.19.1/tools/grib_tools.c:1086:29: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(value, "MISSING"); data/eccodes-2.19.1/tools/grib_tools.c:1093:64: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. if (dvalue == GRIB_MISSING_DOUBLE) sprintf(value, "MISSING"); data/eccodes-2.19.1/tools/grib_tools.c:1102:62: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
if (lvalue == GRIB_MISSING_LONG) sprintf(value, "MISSING"); data/eccodes-2.19.1/tools/grib_tools.c:1103:62: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. else sprintf(value, "%ld", lvalue); data/eccodes-2.19.1/tools/grib_tools.c:1118:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(value, "MISSING"); data/eccodes-2.19.1/tools/grib_tools.c:1144:25: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(value, "%ld", lvalue); data/eccodes-2.19.1/tools/grib_tools.c:1208:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(value, "unknown"); data/eccodes-2.19.1/tools/grib_tools.c:1284:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[1024] = {0,}; data/eccodes-2.19.1/tools/grib_tools.c:1321:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char gts_trailer[4] = { '\x0D', '\x0D', '\x0A', '\x03' }; data/eccodes-2.19.1/tools/grib_tools.c:1340:34: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). options->outfile->file = fopen(options->outfile->name,"w"); data/eccodes-2.19.1/tools/grib_tools.c:1357:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char gts_trailer[4]={'\x0D','\x0D','\x0A','\x03'}; data/eccodes-2.19.1/tools/gts_compare.c:61:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[1024] = {0,}; data/eccodes-2.19.1/tools/gts_compare.c:67:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fh = fopen(fname, "w"); data/eccodes-2.19.1/tools/gts_compare.c:165:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). start = atoi(grib_options_get_option("S:")); data/eccodes-2.19.1/tools/gts_compare.c:168:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). end = atoi(grib_options_get_option("E:")); data/eccodes-2.19.1/tools/gts_compare.c:234:39: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). options->infile_extra->file = fopen(options->infile_extra->name, "r"); data/eccodes-2.19.1/tools/gts_compare.c:252:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bufr[2048] = {0,}; data/eccodes-2.19.1/tools/gts_copy.c:61:34: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). options->outfile->file = fopen(options->outfile->name,"w"); data/eccodes-2.19.1/tools/gts_dump.c:101:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[1024]; data/eccodes-2.19.1/tools/gts_dump.c:113:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char tmp[1024]; data/eccodes-2.19.1/tools/gts_dump.c:114:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char identifier[100]; data/eccodes-2.19.1/tools/gts_dump.c:123:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tmp, "MESSAGE %d ( length=%ld )", options->handle_count, length); data/eccodes-2.19.1/tools/load.c:166:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fout = fopen(out, "w"); data/eccodes-2.19.1/tools/load.c:172:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). load_in = fopen(in, "r"); data/eccodes-2.19.1/tools/mars_request.c:32:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). in = fopen(argv[argc - 1], "r"); data/eccodes-2.19.1/tools/mars_request.c:42:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char value[1024]; data/eccodes-2.19.1/tools/metar_compare.c:94:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[1024] = {0,}; data/eccodes-2.19.1/tools/metar_compare.c:100:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fh = fopen(fname, "w"); data/eccodes-2.19.1/tools/metar_compare.c:229:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). start = atoi(grib_options_get_option("S:")); data/eccodes-2.19.1/tools/metar_compare.c:232:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). end = atoi(grib_options_get_option("E:")); data/eccodes-2.19.1/tools/metar_compare.c:297:39: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
options->infile_extra->file = fopen(options->infile_extra->name, "r"); data/eccodes-2.19.1/tools/metar_compare.c:346:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bufr[2048] = {0,}; data/eccodes-2.19.1/tools/metar_copy.c:61:34: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). options->outfile->file = fopen(options->outfile->name,"w"); data/eccodes-2.19.1/tools/metar_dump.c:108:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[1024]; data/eccodes-2.19.1/tools/metar_dump.c:120:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[1024]; data/eccodes-2.19.1/tools/metar_dump.c:121:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char identifier[100]; data/eccodes-2.19.1/tools/metar_dump.c:130:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(tmp, "MESSAGE %d ( length=%ld )", options->handle_count, length); data/eccodes-2.19.1/tools/taf_dump.c:102:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[1024]; data/eccodes-2.19.1/tools/taf_dump.c:114:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[1024]; data/eccodes-2.19.1/tools/taf_dump.c:115:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char identifier[100]; data/eccodes-2.19.1/tools/taf_dump.c:124:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tmp, "MESSAGE %d ( length=%ld )", options->handle_count, length); data/eccodes-2.19.1/tools/taf_ls.c:91:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char value[MAX_STRING_LEN]; data/eccodes-2.19.1/examples/C/grib_get_keys.c:62:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len = strlen(filename); data/eccodes-2.19.1/examples/C/grib_get_keys.c:127:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(len == 1 + strlen(filename)); data/eccodes-2.19.1/examples/C/grib_sections_copy.c:66:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = 0; i < strlen(what_str); ++i) { data/eccodes-2.19.1/fortran/grib_fortran.c:1347:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lsize=strlen(buf); data/eccodes-2.19.1/fortran/grib_fortran.c:1436:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lsize=strlen(buf); data/eccodes-2.19.1/fortran/grib_fortran.c:2151:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t erlen = strlen(err_msg); data/eccodes-2.19.1/fortran/grib_fortran.c:2153:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf, err_msg,(size_t)erlen); data/eccodes-2.19.1/fortran/grib_fortran.c:2396:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int l=strlen(bufval[i]); data/eccodes-2.19.1/fortran/grib_fortran.c:2399:74: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
printf("eachsize=%d strlen(bufval[i])=%ld\n",*eachsize,(long)strlen(bufval[i])); data/eccodes-2.19.1/fortran/grib_fortran.c:3163:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(cval[0])>*slen) err=GRIB_ARRAY_TOO_SMALL; data/eccodes-2.19.1/python/grib_interface.c:1021:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lsize = strlen(buf); data/eccodes-2.19.1/python/grib_interface.c:1090:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lsize = strlen(buf); data/eccodes-2.19.1/python/grib_interface.c:1481:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t erlen = strlen(err_msg); data/eccodes-2.19.1/python/grib_interface.c:1484:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf, err_msg, (size_t)erlen); data/eccodes-2.19.1/python/grib_interface.c:1684:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int l = strlen(bufval[i]); data/eccodes-2.19.1/python/grib_interface.c:1688:83: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
printf("eachsize=%d strlen(bufval[i])=%d\n", *eachsize, (unsigned int)strlen(bufval[i])); data/eccodes-2.19.1/python/swig_wrap_numpy.c:366:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const char* te = tb + strlen(tb); data/eccodes-2.19.1/python/swig_wrap_numpy.c:385:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const char* te = tb + strlen(tb); data/eccodes-2.19.1/python/swig_wrap_numpy.c:661:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name) + 1 > (bsz - (r - buff))) return 0; data/eccodes-2.19.1/python/swig_wrap_numpy.c:682:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t lname = (name ? strlen(name) : 0); data/eccodes-2.19.1/python/swig_wrap_numpy.c:687:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(r,name,lname+1); data/eccodes-2.19.1/python/swig_wrap_numpy.c:846:91: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). # define PyString_AsStringAndSize(obj, s, len) {*s = PyString_AsString(obj); *len = *s ? strlen(*s) : 0;} data/eccodes-2.19.1/python/swig_wrap_numpy.c:3158:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return SWIG_FromCharPtrAndSize(cptr, (cptr ? 
strlen(cptr) : 0)); data/eccodes-2.19.1/python/swig_wrap_numpy.c:3228:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (psize) *psize = vptr ? (strlen((char *)vptr) + 1) : 0; data/eccodes-2.19.1/python/swig_wrap_numpy.c:3651:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(desired_dims); data/eccodes-2.19.1/python/swig_wrap_numpy.c:3658:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(actual_dims); data/eccodes-2.19.1/python/swig_wrap_numpy.c:9696:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t size = strlen(name)+1; data/eccodes-2.19.1/python/swig_wrap_numpy.c:9699:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(gv->name,name,size); data/eccodes-2.19.1/python/swig_wrap_numpy.c:9761:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(const_table[j].name)) == 0) { data/eccodes-2.19.1/python/swig_wrap_numpy.c:9770:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t lptr = strlen(ty->name)+2*sizeof(void*)+2; data/eccodes-2.19.1/python/swig_wrap_numpy.c:9776:15: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(buff, methods[i].ml_doc, ldoc); data/eccodes-2.19.1/python/swig_wrap_numpy.c:9778:15: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(buff, "swig_ptr: ", 10); data/eccodes-2.19.1/src/action_class_write.c:123:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(a->name) != 0) { data/eccodes-2.19.1/src/bufr_keys_iterator.c:131:87: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). kiter->prefix = (char*)grib_context_malloc_clear(kiter->current->context, strlen(kiter->current->name) + 10); data/eccodes-2.19.1/src/bufr_keys_iterator.c:147:76: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). prefix = (char*)grib_context_malloc_clear(kiter->current->context, strlen(kiter->prefix) + strlen(kiter->attributes[i_curr_attribute]->name) + 3); data/eccodes-2.19.1/src/bufr_keys_iterator.c:147:100: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). prefix = (char*)grib_context_malloc_clear(kiter->current->context, strlen(kiter->prefix) + strlen(kiter->attributes[i_curr_attribute]->name) + 3); data/eccodes-2.19.1/src/bufr_keys_iterator.c:206:62: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
ret = (char*)grib_context_malloc_clear(c, strlen(kiter->prefix) + strlen(kiter->attributes[iattribute]->name) + 10); data/eccodes-2.19.1/src/bufr_keys_iterator.c:206:86: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ret = (char*)grib_context_malloc_clear(c, strlen(kiter->prefix) + strlen(kiter->attributes[iattribute]->name) + 10); data/eccodes-2.19.1/src/bufr_keys_iterator.c:213:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ret = (char*)grib_context_malloc_clear(c, strlen(kiter->current->name) + 10); data/eccodes-2.19.1/src/bufr_util.c:51:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char* s = (char*)grib_context_malloc_clear(c, strlen(key) + 5); data/eccodes-2.19.1/src/bufr_util.c:285:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(hdr->ident, pTemp, IDENT_LEN - 1); data/eccodes-2.19.1/src/bufr_util.c:802:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). line[strlen(line)-1] = 0; data/eccodes-2.19.1/src/bufr_util.c:844:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *len = strlen(NOT_FOUND); /*By default*/ data/eccodes-2.19.1/src/bufr_util.c:922:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (!isEcmwfLocal || strlen(bh->ident) == 0) data/eccodes-2.19.1/src/grib_accessor_class.c:141:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). c = *((grib_accessor_classes_hash(creator->op, strlen(creator->op)))->cclass); data/eccodes-2.19.1/src/grib_accessor_class_bits.c:346:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *len = strlen(v); data/eccodes-2.19.1/src/grib_accessor_class_bits.c:352:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *len = strlen(v); data/eccodes-2.19.1/src/grib_accessor_class_bufr_data_array.c:1847:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(sval); data/eccodes-2.19.1/src/grib_accessor_class_bufr_data_element.c:363:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen(sval); data/eccodes-2.19.1/src/grib_accessor_class_bufr_data_element.c:386:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (str == 0 || strlen(str) == 0) { data/eccodes-2.19.1/src/grib_accessor_class_bufr_data_element.c:404:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
  slen = strlen(str);
data/eccodes-2.19.1/src/grib_accessor_class_bufr_elements_table.c:265:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  DebugAssert( strlen(line) > 0 );
data/eccodes-2.19.1/src/grib_accessor_class_bufr_elements_table.c:282:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  DebugAssert( strlen(line) > 0 );
data/eccodes-2.19.1/src/grib_accessor_class_bufr_elements_table.c:362:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Assert( strlen(list[1]) < maxlen_shortName );
data/eccodes-2.19.1/src/grib_accessor_class_bufr_elements_table.c:363:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Assert( strlen(list[4]) < maxlen_units );
data/eccodes-2.19.1/src/grib_accessor_class_codeflag.c:184:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  j = strlen(codename);
data/eccodes-2.19.1/src/grib_accessor_class_codeflag.c:188:9: [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  sscanf(line, "%49s %49s", num, bval);
data/eccodes-2.19.1/src/grib_accessor_class_codeflag.c:192:34: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t linelen = strlen(line);
data/eccodes-2.19.1/src/grib_accessor_class_codeflag.c:202:27: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i = (strlen(num) + strlen(bval) + 2); i < linelen - 1; i++)
data/eccodes-2.19.1/src/grib_accessor_class_codeflag.c:202:41: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i = (strlen(num) + strlen(bval) + 2); i < linelen - 1; i++)
data/eccodes-2.19.1/src/grib_accessor_class_codeflag.c:215:5: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(codename, ":");
data/eccodes-2.19.1/src/grib_accessor_class_codetable.c:247:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  s_len = strlen(p) + 1;
data/eccodes-2.19.1/src/grib_accessor_class_codetable.c:433:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  line[strlen(line) - 1] = 0;
data/eccodes-2.19.1/src/grib_accessor_class_codetable.c:634:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = strlen(tmp) + 1;
data/eccodes-2.19.1/src/grib_accessor_class_codetable.c:718:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  s_len = strlen(p) + 1;
data/eccodes-2.19.1/src/grib_accessor_class_codetable.c:751:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(cval) + 1;
data/eccodes-2.19.1/src/grib_accessor_class_codetable_title.c:191:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = strlen(tmp) + 1;
data/eccodes-2.19.1/src/grib_accessor_class_codetable_units.c:186:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = strlen(tmp) + 1;
data/eccodes-2.19.1/src/grib_accessor_class_concept.c:428:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  s = strlen(buf) + 1;
data/eccodes-2.19.1/src/grib_accessor_class_concept.c:627:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  slen = strlen(p) + 1;
data/eccodes-2.19.1/src/grib_accessor_class_data_g1complex_packing.c:209:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t lenstr = strlen(self->ieee_packing);
data/eccodes-2.19.1/src/grib_accessor_class_data_g1second_order_general_packing.c:325:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t size = strlen(type);
data/eccodes-2.19.1/src/grib_accessor_class_data_g1second_order_row_by_row_packing.c:453:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t size = strlen(type);
data/eccodes-2.19.1/src/grib_accessor_class_data_g1simple_packing.c:240:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t lenstr = strlen(self->ieee_packing);
data/eccodes-2.19.1/src/grib_accessor_class_dictionary.c:239:54: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  list = (char*)grib_context_malloc_clear(c, strlen(line) + 1);
data/eccodes-2.19.1/src/grib_accessor_class_dictionary.c:240:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memcpy(list, line, strlen(line));
data/eccodes-2.19.1/src/grib_accessor_class_dictionary.c:260:58: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  list = (char*)grib_context_malloc_clear(c, strlen(line) + 1);
data/eccodes-2.19.1/src/grib_accessor_class_dictionary.c:261:32: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memcpy(list, line, strlen(line));
data/eccodes-2.19.1/src/grib_accessor_class_double.c:154:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = strlen(repres) + 1;
data/eccodes-2.19.1/src/grib_accessor_class_g1area.c:243:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len[0] = strlen(val);
data/eccodes-2.19.1/src/grib_accessor_class_g1date.c:297:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = strlen(tmp) + 1;
data/eccodes-2.19.1/src/grib_accessor_class_g1day_of_the_year_date.c:183:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = strlen(tmp) + 1;
data/eccodes-2.19.1/src/grib_accessor_class_g1fcperiod.c:155:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = strlen(tmp) + 1;
data/eccodes-2.19.1/src/grib_accessor_class_g1step_range.c:346:13: [1] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character.
  sprintf(step_unit_string, "h");
data/eccodes-2.19.1/src/grib_accessor_class_g1step_range.c:411:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size = strlen(buf) + 1;
data/eccodes-2.19.1/src/grib_accessor_class_g2level.c:213:34: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t lpa = strlen(pa);
data/eccodes-2.19.1/src/grib_accessor_class_g2step_range.c:187:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size = strlen(buf) + 1;
data/eccodes-2.19.1/src/grib_accessor_class_gaussian_grid_name.c:186:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = strlen(tmp) + 1;
data/eccodes-2.19.1/src/grib_accessor_class_gen.c:177:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  s_len = strlen(p) + 1;
data/eccodes-2.19.1/src/grib_accessor_class_gen.c:348:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *len = strlen(v);
data/eccodes-2.19.1/src/grib_accessor_class_gen.c:358:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *len = strlen(v);
data/eccodes-2.19.1/src/grib_accessor_class_gen.c:419:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(cval);
data/eccodes-2.19.1/src/grib_accessor_class_gen.c:499:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = strlen(v[i]);
data/eccodes-2.19.1/src/grib_accessor_class_getenv.c:168:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = strlen(self->value);
data/eccodes-2.19.1/src/grib_accessor_class_getenv.c:172:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *len = strlen(self->value);
data/eccodes-2.19.1/src/grib_accessor_class_group.c:152:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (s && strlen(s) > 1) {
data/eccodes-2.19.1/src/grib_accessor_class_julian_date.c:376:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(val) == 15) {
data/eccodes-2.19.1/src/grib_accessor_class_julian_date.c:485:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(cval);
data/eccodes-2.19.1/src/grib_accessor_class_label.c:155:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t vlen = strlen(a->name);
data/eccodes-2.19.1/src/grib_accessor_class_long.c:161:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = strlen(repres) + 1;
data/eccodes-2.19.1/src/grib_accessor_class_mars_param.c:207:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *len = strlen(val) + 1;
data/eccodes-2.19.1/src/grib_accessor_class_mars_step.c:203:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *len = strlen(val);
data/eccodes-2.19.1/src/grib_accessor_class_md5.c:250:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *len = strlen(v) + 1;
data/eccodes-2.19.1/src/grib_accessor_class_offset_file.c:159:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = strlen(repres) + 1;
data/eccodes-2.19.1/src/grib_accessor_class_proj_string.c:343:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size = strlen(v);
data/eccodes-2.19.1/src/grib_accessor_class_round.c:173:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  replen = strlen(result) + 1;
data/eccodes-2.19.1/src/grib_accessor_class_sexagesimal2decimal.c:258:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = strlen(buff);
data/eccodes-2.19.1/src/grib_accessor_class_smart_table.c:348:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  line[strlen(line) - 1] = 0;
data/eccodes-2.19.1/src/grib_accessor_class_smart_table.c:458:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = strlen(tmp) + 1;
data/eccodes-2.19.1/src/grib_accessor_class_sprintf.c:164:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  uname_len = strlen(uname);
data/eccodes-2.19.1/src/grib_accessor_class_sprintf.c:229:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  replen = strlen(result) + 1;
data/eccodes-2.19.1/src/grib_accessor_class_step_human_readable.c:178:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *length = strlen(result);
data/eccodes-2.19.1/src/grib_accessor_class_trim.c:166:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size = strlen(val);
data/eccodes-2.19.1/src/grib_accessor_class_variable.c:182:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(p) + 1;
data/eccodes-2.19.1/src/grib_accessor_class_variable.c:314:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  slen = strlen(p) + 1;
data/eccodes-2.19.1/src/grib_accessor_class_variable.c:349:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return strlen(self->cval);
data/eccodes-2.19.1/src/grib_api.h:180:9: [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  int equal;
data/eccodes-2.19.1/src/grib_api_internal.h:1066:25: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  grib_data_read_proc read;
data/eccodes-2.19.1/src/grib_api_prototypes.h:989:80: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  void grib_context_set_data_accessing_proc(grib_context* c, grib_data_read_proc read, grib_data_write_proc write, grib_data_tell_proc tell);
data/eccodes-2.19.1/src/grib_bits_any_endian.c:104:27: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memcpy(s, string, strlen(string));
data/eccodes-2.19.1/src/grib_context.c:177:15: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  return c->read(c, ptr, size, stream);
data/eccodes-2.19.1/src/grib_context.c:475:21: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(buffer, ":");
data/eccodes-2.19.1/src/grib_context.c:485:21: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(buffer, ":");
data/eccodes-2.19.1/src/grib_context.c:585:51: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c->read = default_grib_context.read;
data/eccodes-2.19.1/src/grib_context.c:641:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(path, c->grib_definition_files_path, ECC_PATH_MAXLEN);
data/eccodes-2.19.1/src/grib_context.c:876:59: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char* dup = (char*)grib_context_malloc_persistent(c, (strlen(s) * sizeof(char)) + 1);
data/eccodes-2.19.1/src/grib_context.c:923:46: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  dup = (char*)grib_context_malloc(c, (strlen(s) * sizeof(char)) + 1);
data/eccodes-2.19.1/src/grib_context.c:1000:80: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  void grib_context_set_data_accessing_proc(grib_context* c, grib_data_read_proc read, grib_data_write_proc write, grib_data_tell_proc tell)
data/eccodes-2.19.1/src/grib_context.c:1002:16: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c->read = read;
data/eccodes-2.19.1/src/grib_context.c:1031:13: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(msg, ")");
data/eccodes-2.19.1/src/grib_db.c:617:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(z) == 0) {
data/eccodes-2.19.1/src/grib_db.c:911:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p = (*x) + strlen(*x) - 1;
data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_C.c:216:74: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_C.c:278:71: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  prefix1 = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + strlen(prefix) + 5));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_C.c:278:89: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  prefix1 = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + strlen(prefix) + 5));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_C.c:314:78: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_C.c:364:74: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_C.c:421:71: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  prefix1 = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + strlen(prefix) + 5));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_C.c:421:89: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  prefix1 = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + strlen(prefix) + 5));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_C.c:468:74: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_C.c:532:74: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_C.c:593:74: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_filter.c:196:74: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_filter.c:243:77: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char* prefix1 = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + strlen(prefix) + 5));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_filter.c:243:95: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char* prefix1 = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + strlen(prefix) + 5));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_filter.c:279:78: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_filter.c:322:74: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_filter.c:350:77: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char* prefix1 = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + strlen(prefix) + 5));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_filter.c:350:95: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char* prefix1 = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + strlen(prefix) + 5));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_filter.c:394:74: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_filter.c:447:74: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_filter.c:507:74: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_fortran.c:199:74: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_fortran.c:248:71: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  prefix1 = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + strlen(prefix) + 5));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_fortran.c:248:89: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  prefix1 = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + strlen(prefix) + 5));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_fortran.c:284:78: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_fortran.c:329:74: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_fortran.c:380:71: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  prefix1 = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + strlen(prefix) + 5));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_fortran.c:380:89: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  prefix1 = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + strlen(prefix) + 5));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_fortran.c:423:74: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_fortran.c:476:74: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_fortran.c:536:74: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_python.c:209:74: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_python.c:264:71: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  prefix1 = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + strlen(prefix) + 5));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_python.c:264:89: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  prefix1 = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + strlen(prefix) + 5));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_python.c:300:78: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_python.c:343:74: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_python.c:392:71: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    prefix1 = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + strlen(prefix) + 5));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_python.c:392:89: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    prefix1 = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + strlen(prefix) + 5));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_python.c:439:74: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_python.c:489:74: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_decode_python.c:547:74: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_C.c:251:74: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_C.c:336:71: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    prefix1 = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + strlen(prefix) + 5));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_C.c:336:89: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    prefix1 = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + strlen(prefix) + 5));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_C.c:386:78: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_C.c:474:74: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_C.c:554:71: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    prefix1 = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + strlen(prefix) + 5));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_C.c:554:89: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    prefix1 = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + strlen(prefix) + 5));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_C.c:599:74: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_C.c:664:74: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_C.c:712:9: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
    strcpy(value, ""); /* Empty string means MISSING string */
data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_C.c:736:74: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(acc_name) + 10));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_filter.c:228:74: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_filter.c:303:71: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    prefix1 = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + strlen(prefix) + 5));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_filter.c:303:89: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    prefix1 = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + strlen(prefix) + 5));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_filter.c:341:78: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_filter.c:411:74: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_filter.c:485:71: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    prefix1 = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + strlen(prefix) + 5));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_filter.c:485:89: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    prefix1 = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + strlen(prefix) + 5));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_filter.c:531:74: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_filter.c:604:74: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_filter.c:651:9: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
    strcpy(value, ""); /* Empty string means MISSING string */
data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_filter.c:675:74: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_fortran.c:189:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const size_t len = strlen(input);
data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_fortran.c:299:74: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_fortran.c:384:71: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    prefix1 = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + strlen(prefix) + 5));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_fortran.c:384:89: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    prefix1 = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + strlen(prefix) + 5));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_fortran.c:434:78: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_fortran.c:521:74: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_fortran.c:605:71: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    prefix1 = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + strlen(pref) + 5));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_fortran.c:605:89: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    prefix1 = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + strlen(pref) + 5));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_fortran.c:651:74: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_fortran.c:718:74: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_fortran.c:766:9: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
    strcpy(value, ""); /* Empty string means MISSING string */
data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_fortran.c:790:74: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(acc_name) + 10));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_python.c:252:74: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_python.c:337:71: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    prefix1 = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + strlen(prefix) + 5));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_python.c:337:89: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    prefix1 = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + strlen(prefix) + 5));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_python.c:386:78: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_python.c:474:74: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_python.c:553:71: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    prefix1 = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + strlen(prefix) + 5));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_python.c:553:89: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    prefix1 = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + strlen(prefix) + 5));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_python.c:598:74: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_python.c:662:74: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_python.c:709:9: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
    strcpy(value, ""); /* Empty string means MISSING string */
data/eccodes-2.19.1/src/grib_dumper_class_bufr_encode_python.c:733:74: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(acc_name) + 10));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_simple.c:226:74: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_simple.c:302:71: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    prefix1 = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + strlen(prefix) + 5));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_simple.c:302:89: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    prefix1 = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + strlen(prefix) + 5));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_simple.c:349:78: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_simple.c:428:74: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_simple.c:503:71: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    prefix1 = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + strlen(prefix) + 5));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_simple.c:503:89: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    prefix1 = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + strlen(prefix) + 5));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_simple.c:551:74: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_simple.c:615:74: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10));
data/eccodes-2.19.1/src/grib_dumper_class_bufr_simple.c:681:74: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(acc_name) + 10));
data/eccodes-2.19.1/src/grib_dumper_class_default.c:389:64: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    fprintf(self->dumper.out, "%-*s\"%s\",\n", (int)(tab + strlen(a->name) + 4), " ", values[i]);
data/eccodes-2.19.1/src/grib_dumper_class_default.c:667:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    upper = (char*)malloc(strlen(a->name) + 1);
data/eccodes-2.19.1/src/grib_dumper_class_grib_encode_C.c:182:13: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
    strcat(buf, "1");
data/eccodes-2.19.1/src/grib_dumper_class_grib_encode_C.c:184:13: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
    strcat(buf, "0");
data/eccodes-2.19.1/src/grib_dumper_class_grib_encode_C.c:188:9: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
    strcat(buf, ";");
data/eccodes-2.19.1/src/grib_dumper_class_keys.c:288:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    upper = (char*)malloc(strlen(a->name) + 1);
data/eccodes-2.19.1/src/grib_dumper_class_serialize.c:338:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    last = strlen(values_format) - 1;
data/eccodes-2.19.1/src/grib_dumper_class_serialize.c:347:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(pc) > 1) {
data/eccodes-2.19.1/src/grib_dumper_class_serialize.c:425:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(secstr);
data/eccodes-2.19.1/src/grib_dumper_class_wmo.c:531:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    upper = (char*)malloc(strlen(a->name) + 1);
data/eccodes-2.19.1/src/grib_dumper_class_wmo.c:653:64: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    fprintf(self->dumper.out, "%-*s\"%s\",\n", (int)(tab + strlen(a->name) + 4), " ", values[i]);
data/eccodes-2.19.1/src/grib_expression_class_is_in_dict.c:140:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    list = (char*)grib_context_malloc_clear(c, strlen(line) + 1);
data/eccodes-2.19.1/src/grib_expression_class_is_in_dict.c:141:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    memcpy(list, line, strlen(line));
data/eccodes-2.19.1/src/grib_expression_class_is_in_dict.c:216:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    *size = strlen(buf);
data/eccodes-2.19.1/src/grib_expression_class_is_in_list.c:215:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    *size = strlen(buf);
data/eccodes-2.19.1/src/grib_expression_class_length.c:111:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    *result = strlen(mybuf);
data/eccodes-2.19.1/src/grib_expression_class_length.c:124:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    *result = strlen(mybuf);
data/eccodes-2.19.1/src/grib_expression_class_length.c:136:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    sprintf(buf, "%ld", (long)strlen(mybuf));
data/eccodes-2.19.1/src/grib_expression_class_sub_string.c:114:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const size_t slen = strlen(value);
data/eccodes-2.19.1/src/grib_fieldset.c:574:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(z) == 0) {
data/eccodes-2.19.1/src/grib_fieldset.c:903:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    p = (*x) + strlen(*x) - 1;
data/eccodes-2.19.1/src/grib_hash_keys.c:9900:65: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const struct grib_keys_hash* hash = grib_keys_hash_get(key, strlen(key));
data/eccodes-2.19.1/src/grib_header_compute.c:235:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy(buf, p, n);
data/eccodes-2.19.1/src/grib_index.c:362:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(s);
data/eccodes-2.19.1/src/grib_io.c:72:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    readproc read;
data/eccodes-2.19.1/src/grib_io.c:111:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    if ((r->read(r->read_data, buffer + already_read, rest, &err) != rest) || err) {
data/eccodes-2.19.1/src/grib_io.c:179:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    if (r->read(r->read_data, &tmp[i], 3, &err) != 3 || err)
data/eccodes-2.19.1/src/grib_io.c:186:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    if (r->read(r->read_data, &tmp[i], 1, &err) != 1 || err)
data/eccodes-2.19.1/src/grib_io.c:195:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    if (r->read(r->read_data, &tmp[i], 3, &err) != 3 || err)
data/eccodes-2.19.1/src/grib_io.c:201:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    if ((r->read(r->read_data, tmp + i, sec1len - 3, &err) != sec1len - 3) || err)
data/eccodes-2.19.1/src/grib_io.c:211:28: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    if (r->read(r->read_data, &tmp[i], 3, &err) != 3 || err)
data/eccodes-2.19.1/src/grib_io.c:218:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    if ((r->read(r->read_data, tmp + i, sec2len - 3, &err) != sec2len - 3) || err)
data/eccodes-2.19.1/src/grib_io.c:228:32: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    if (r->read(r->read_data, &tmp[i], 1, &err) != 1 || err)
data/eccodes-2.19.1/src/grib_io.c:238:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    if ((r->read(r->read_data, tmp + i, sec3len - 3, &err) != sec3len - 3) || err)
data/eccodes-2.19.1/src/grib_io.c:247:28: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    if (r->read(r->read_data, &tmp[i], 1, &err) != 1 || err)
data/eccodes-2.19.1/src/grib_io.c:256:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    if ((r->read(r->read_data, tmp + i, 8, &err) != 8) || err)
data/eccodes-2.19.1/src/grib_io.c:271:28: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    if (r->read(r->read_data, &tmp[i], 1, &err) != 1 || err)
data/eccodes-2.19.1/src/grib_io.c:280:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    if (r->read(r->read_data, &tmp[i++], 1, &err) != 1 || err)
data/eccodes-2.19.1/src/grib_io.c:283:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    if (r->read(r->read_data, &tmp[i++], 1, &err) != 1 || err)
data/eccodes-2.19.1/src/grib_io.c:286:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    if (r->read(r->read_data, &tmp[i++], 1, &err) != 1 || err)
data/eccodes-2.19.1/src/grib_io.c:289:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    if (r->read(r->read_data, &tmp[i++], 1, &err) != 1 || err)
data/eccodes-2.19.1/src/grib_io.c:292:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    if (r->read(r->read_data, &tmp[i], 1, &err) != 1 || err)
data/eccodes-2.19.1/src/grib_io.c:301:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    if ((r->read(r->read_data, tmp + i, sec1len - 3 - 5, &err) != sec1len - 3 - 5) || err)
data/eccodes-2.19.1/src/grib_io.c:309:32: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    if (r->read(r->read_data, &tmp[i], 1, &err) != 1 || err)
data/eccodes-2.19.1/src/grib_io.c:318:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    if ((r->read(r->read_data, tmp + i, sec2len - 3, &err) != sec2len - 3) || err)
data/eccodes-2.19.1/src/grib_io.c:328:32: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    if (r->read(r->read_data, &tmp[i], 1, &err) != 1 || err)
data/eccodes-2.19.1/src/grib_io.c:338:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    if ((r->read(r->read_data, tmp + i, sec3len - 3, &err) != sec3len - 3) || err)
data/eccodes-2.19.1/src/grib_io.c:349:28: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    if (r->read(r->read_data, &tmp[i], 1, &err) != 1 || err)
data/eccodes-2.19.1/src/grib_io.c:376:28: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    if (r->read(r->read_data, &tmp[i], 1, &err) != 1 || err)
data/eccodes-2.19.1/src/grib_io.c:387:28: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    if (r->read(r->read_data, &tmp[i], 1, &err) != 1 || err)
data/eccodes-2.19.1/src/grib_io.c:399:28: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    if (r->read(r->read_data, &tmp[i], 1, &err) != 1 || err)
data/eccodes-2.19.1/src/grib_io.c:434:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    Assert(strlen(type) == 4);
data/eccodes-2.19.1/src/grib_io.c:441:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    if (r->read(r->read_data, &tmp[i], 1, &err) != 1 || err)
data/eccodes-2.19.1/src/grib_io.c:453:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    if ((r->read(r->read_data, tmp + i, sec1len - 3, &err) != sec1len - 3) || err)
data/eccodes-2.19.1/src/grib_io.c:459:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (r->read(r->read_data, &tmp[i], 1, &err) != 1 || err)
data/eccodes-2.19.1/src/grib_io.c:481:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((r->read(r->read_data, buf, length, &err) != length) || err) {
data/eccodes-2.19.1/src/grib_io.c:520:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((r->read(r->read_data, buf, 4, &err) != 4) || err) {
data/eccodes-2.19.1/src/grib_io.c:534:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((r->read(r->read_data, &version_of_superblock, 1, &err) != 1) || err) {
data/eccodes-2.19.1/src/grib_io.c:541:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((r->read(r->read_data, &size_of_offsets, 1, &err) != 1) || err) {
data/eccodes-2.19.1/src/grib_io.c:552:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((r->read(r->read_data, &size_of_lengths, 1, &err) != 1) || err) {
data/eccodes-2.19.1/src/grib_io.c:558:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((r->read(r->read_data, &consistency_flags, 1, &err) != 1) || err) {
data/eccodes-2.19.1/src/grib_io.c:584:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((r->read(r->read_data, &version_of_file_free_space, 1, &err) != 1) || err)
data/eccodes-2.19.1/src/grib_io.c:588:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((r->read(r->read_data, &version_of_root_group_symbol_table, 1, &err) != 1) || err)
data/eccodes-2.19.1/src/grib_io.c:592:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((r->read(r->read_data, &ch, 1, &err) != 1) || err)
data/eccodes-2.19.1/src/grib_io.c:596:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((r->read(r->read_data, &version_number_shared_header, 1, &err) != 1) || err)
data/eccodes-2.19.1/src/grib_io.c:600:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((r->read(r->read_data, &size_of_offsets, 1, &err) != 1) || err)
data/eccodes-2.19.1/src/grib_io.c:608:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((r->read(r->read_data, &size_of_lengths, 1, &err) != 1) || err)
data/eccodes-2.19.1/src/grib_io.c:612:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((r->read(r->read_data, &ch, 1, &err) != 1) || err)
data/eccodes-2.19.1/src/grib_io.c:616:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((r->read(r->read_data, &skip, 4, &err) != 4) || err)
data/eccodes-2.19.1/src/grib_io.c:623:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((r->read(r->read_data, &skip, 4, &err) != 4) || err)
data/eccodes-2.19.1/src/grib_io.c:632:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((r->read(r->read_data, &skip, 4, &err) != 4) || err)
data/eccodes-2.19.1/src/grib_io.c:679:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((r->read(r->read_data, buf, 8, &err) != 8) || err) {
data/eccodes-2.19.1/src/grib_io.c:721:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (r->read(r->read_data, &tmp[i], 1, &err) != 1 || err)
data/eccodes-2.19.1/src/grib_io.c:735:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (r->read(r->read_data, &tmp[i], 1, &err) != 1 || err)
data/eccodes-2.19.1/src/grib_io.c:755:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (r->read(r->read_data, &tmp[i++], 1, &err) != 1 || err)
data/eccodes-2.19.1/src/grib_io.c:758:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (r->read(r->read_data, &tmp[i++], 1, &err) != 1 || err)
data/eccodes-2.19.1/src/grib_io.c:761:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (r->read(r->read_data, &tmp[i++], 1, &err) != 1 || err)
data/eccodes-2.19.1/src/grib_io.c:764:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (r->read(r->read_data, &tmp[i], 1, &err) != 1 || err)
data/eccodes-2.19.1/src/grib_io.c:774:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((r->read(r->read_data, tmp + i, n, &err) != n) || err)
data/eccodes-2.19.1/src/grib_io.c:782:28: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (r->read(r->read_data, &tmp[i], 1, &err) != 1 || err)
data/eccodes-2.19.1/src/grib_io.c:793:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((r->read(r->read_data, tmp + i, sec2len - 3, &err) != sec2len - 3) || err)
data/eccodes-2.19.1/src/grib_io.c:801:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (r->read(r->read_data, &tmp[i], 1, &err) != 1 || err)
data/eccodes-2.19.1/src/grib_io.c:812:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((r->read(r->read_data, tmp + i, sec3len - 3, &err) != sec3len - 3) || err)
data/eccodes-2.19.1/src/grib_io.c:817:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (r->read(r->read_data, &tmp[i], 1, &err) != 1 || err)
data/eccodes-2.19.1/src/grib_io.c:855:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while (r->read(r->read_data, &c, 1, &err) == 1 && err == 0) {
data/eccodes-2.19.1/src/grib_io.c:946:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while (r->read(r->read_data, &c, 1, &err) == 1 && err == 0) {
data/eccodes-2.19.1/src/grib_io.c:959:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (r->read(r->read_data, &tmp[i], 6, &err) != 6 || err)
data/eccodes-2.19.1/src/grib_io.c:969:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while (r->read(r->read_data, &c, 1, &err) == 1 && err == 0) {
data/eccodes-2.19.1/src/grib_io.c:982:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  r->read(r->read_data, buffer + already_read, message_size - already_read, &err);
data/eccodes-2.19.1/src/grib_io.c:1005:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while (r->read(r->read_data, &c, 1, &err) == 1 && err == 0) {
data/eccodes-2.19.1/src/grib_io.c:1020:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while (r->read(r->read_data, &c, 1, &err) == 1 && err == 0) {
data/eccodes-2.19.1/src/grib_io.c:1030:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  r->read(r->read_data, buffer + already_read, message_size - already_read, &err);
data/eccodes-2.19.1/src/grib_io.c:1053:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while (r->read(r->read_data, &c, 1, &err) == 1 && err == 0) {
data/eccodes-2.19.1/src/grib_io.c:1059:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (r->read(r->read_data, &c, 1, &err) != 1 || err != 0)
data/eccodes-2.19.1/src/grib_io.c:1072:27: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while (r->read(r->read_data, &c, 1, &err) == 1 && err == 0) {
data/eccodes-2.19.1/src/grib_io.c:1082:28: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  r->read(r->read_data, buffer + already_read, message_size - already_read, &err);
data/eccodes-2.19.1/src/grib_itrie_keys.c:387:65: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const struct grib_keys_hash* hash = grib_keys_hash_get(key, strlen(key));
data/eccodes-2.19.1/src/grib_keys_iterator.c:47:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (name_space != NULL && strlen(name_space) > 0)
data/eccodes-2.19.1/src/grib_lex.c:1181:17: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int c = getc(grib_yyin); (void)max_size; \
data/eccodes-2.19.1/src/grib_lex.c:1312:14: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  (c = getc( grib_yyin )) != EOF && c != '\n'; ++n ) \
data/eccodes-2.19.1/src/grib_lex.c:2977:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return grib_yy_scan_bytes( grib_yystr, (int) strlen(grib_yystr) );
data/eccodes-2.19.1/src/grib_loader_from_array.c:182:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len=strlen(strvalue);
data/eccodes-2.19.1/src/grib_loader_from_file.c:75:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(strvalue);
data/eccodes-2.19.1/src/grib_loader_from_file.c:96:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(strvalue);
data/eccodes-2.19.1/src/grib_loader_from_file.c:125:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  line[strlen(line) - 1] = 0;
data/eccodes-2.19.1/src/grib_loader_from_file.c:128:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncmp(line, escape, strlen(escape)) == 0) {
data/eccodes-2.19.1/src/grib_loader_from_handle.c:34:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(h->values[j][i].string_value);
data/eccodes-2.19.1/src/grib_parse_utils.c:148:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ptrEnd_fname = pc + strlen(val); /* Update ptr to end of fname */
data/eccodes-2.19.1/src/grib_parse_utils.c:160:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int llen=strlen(fname); /* The strlen cost is too high */
data/eccodes-2.19.1/src/grib_parse_utils.c:444:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const size_t uname_len = strlen(uname);
data/eccodes-2.19.1/src/grib_parse_utils.c:461:37: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  separator = strncpy(buff1, uname + i + 1, l - 1);
data/eccodes-2.19.1/src/grib_parse_utils.c:469:30: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  format = strncpy(buff, uname + i, l);
data/eccodes-2.19.1/src/grib_query.c:173:13: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  while (*equal != 0 && *equal != '=')
data/eccodes-2.19.1/src/grib_query.c:173:28: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  while (*equal != 0 && *equal != '=')
data/eccodes-2.19.1/src/grib_query.c:178:20: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  endCondition = equal;
data/eccodes-2.19.1/src/grib_query.c:184:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  str = (char*)grib_context_malloc_clear(c, strlen(name));
data/eccodes-2.19.1/src/grib_util.c:308:9: [1] (buffer) fscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  if (fscanf(fh, "%100s", param) == EOF) {
data/eccodes-2.19.1/src/grib_util.c:312:12: [1] (buffer) fscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  while (fscanf(fh, "%100s", s) != EOF) {
data/eccodes-2.19.1/src/grib_util.c:315:17: [1] (buffer) fscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  if (fscanf(fh, "%100s", param) == EOF) {
data/eccodes-2.19.1/src/grib_util.c:1829:58: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  static void set_value(grib_values* value, char* str, int equal)
data/eccodes-2.19.1/src/grib_util.c:1835:20: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  value->equal = equal;
data/eccodes-2.19.1/src/grib_util.c:1845:35: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  set_value(value->next, s, equal);
data/eccodes-2.19.1/src/grib_util.c:1934:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  values[i].name = (char*)calloc(1, strlen(p) + 1);
data/eccodes-2.19.1/src/grib_util.c:1985:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(value) == 0) {
data/eccodes-2.19.1/src/grib_util.c:1992:42: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  set_value(&values[i], value, equal);
data/eccodes-2.19.1/src/grib_value.c:1126:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  DebugAssert(name != NULL && strlen(name) > 0);
data/eccodes-2.19.1/src/grib_value.c:1653:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(args[i].string_value);
data/eccodes-2.19.1/src/grib_yacc.c:1866:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  # define grib_yystrlen(S) (YY_CAST (YYPTRDIFF_T, strlen (S)))
data/eccodes-2.19.1/src/md5.c:315:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  grib_md5_add(&s,p,strlen(p));
data/eccodes-2.19.1/src/string_util.c:35:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(s);
data/eccodes-2.19.1/src/string_util.c:51:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char* p = (*x) + strlen(*x) - 1;
data/eccodes-2.19.1/src/string_util.c:94:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  DebugAssert(delimiter && (strlen(delimiter) == 1));
data/eccodes-2.19.1/src/string_util.c:104:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strLength = strlen(inputString);
data/eccodes-2.19.1/src/string_util.c:154:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const size_t len1 = strlen(str1);
data/eccodes-2.19.1/src/string_util.c:155:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const size_t len2 = strlen(str2);
data/eccodes-2.19.1/tests/bufr_check_descriptors.c:35:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Assert(strlen(line) > 0);
data/eccodes-2.19.1/tests/bufr_check_descriptors.c:41:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(str_key) >= maxlen_keyName) {
data/eccodes-2.19.1/tests/bufr_check_descriptors.c:46:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(str_units) >= maxlen_units) {
data/eccodes-2.19.1/tests/grib_2nd_order_numValues.c:2735:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  slen = strlen("sfc");
data/eccodes-2.19.1/tests/grib_2nd_order_numValues.c:2739:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  slen = strlen(packingType[ipackingType]);
data/eccodes-2.19.1/tests/grib_ccsds_perf.c:64:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t grid_ccsds_l = strlen(grid_ccsds);
data/eccodes-2.19.1/tests/grib_ccsds_perf.c:66:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t grid_simple_l = strlen(grid_simple);
data/eccodes-2.19.1/tests/grib_lam_bf.c:710:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(grids[igrid]);
data/eccodes-2.19.1/tests/grib_lam_bf.c:751:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen("bifourier_complex");
data/eccodes-2.19.1/tests/grib_lam_gp.c:847:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen("lambert_lam");
data/eccodes-2.19.1/tests/grib_lam_gp.c:850:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(grids[igrid]);
data/eccodes-2.19.1/tests/grib_lam_gp.c:901:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen("s");
data/eccodes-2.19.1/tests/grib_lam_gp.c:903:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen("s");
data/eccodes-2.19.1/tests/grib_lam_gp.c:907:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen("grid_simple");
data/eccodes-2.19.1/tests/grib_local_MeteoFrance.c:857:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen("lambert");
data/eccodes-2.19.1/tests/grib_local_MeteoFrance.c:864:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen("SURFTEMPERATURE");
data/eccodes-2.19.1/tests/grib_local_MeteoFrance.c:891:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen("s");
data/eccodes-2.19.1/tests/grib_local_MeteoFrance.c:896:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen("s");
data/eccodes-2.19.1/tests/grib_local_MeteoFrance.c:900:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen("grid_simple");
data/eccodes-2.19.1/tests/grib_local_MeteoFrance.c:906:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen("SURFTEMPERATURE");
data/eccodes-2.19.1/tests/grib_optimize_scaling.c:2724:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  slen = strlen(packingType);
data/eccodes-2.19.1/tests/grib_optimize_scaling_sh.c:238:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen("stretched_rotated_sh");
data/eccodes-2.19.1/tests/grib_optimize_scaling_sh.c:249:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen("spectral_complex");
data/eccodes-2.19.1/tests/grib_sh_ieee64.c:238:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen("stretched_rotated_sh");
data/eccodes-2.19.1/tests/grib_sh_ieee64.c:249:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen("spectral_complex");
data/eccodes-2.19.1/tests/grib_sh_imag.c:240:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen("stretched_rotated_sh");
data/eccodes-2.19.1/tests/grib_sh_imag.c:251:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen("spectral_complex");
data/eccodes-2.19.1/tests/jpeg_perf.c:64:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t grid_jpeg_l = strlen(grid_jpeg);
data/eccodes-2.19.1/tests/jpeg_perf.c:66:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t grid_simple_l = strlen(grid_simple);
data/eccodes-2.19.1/tests/png_perf.c:64:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t grid_png_l = strlen(grid_png);
data/eccodes-2.19.1/tests/png_perf.c:66:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t grid_simple_l = strlen(grid_simple);
data/eccodes-2.19.1/tests/so_perf.c:258:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t grid_simple_l=strlen(grid_simple);
data/eccodes-2.19.1/tests/tests.ecmwf/compatibility_ex.c:20:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ofname=(char*)malloc(sizeof(char)*(strlen(fname)+6));
data/eccodes-2.19.1/tests/tests.ecmwf/sample.c:68:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(ext,buffer,4);
data/eccodes-2.19.1/tests/tests.ecmwf/sample.c:87:4: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(fname,"_");
data/eccodes-2.19.1/tests/tests.ecmwf/sample.c:90:3: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(fname,".");
data/eccodes-2.19.1/tools/bufr_compare.c:852:26: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  if (!equal) {
data/eccodes-2.19.1/tools/bufr_compare.c:1225:75: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char* fullname = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + strlen(prefix) + 5));
data/eccodes-2.19.1/tools/bufr_compare.c:1225:93: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char* fullname = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + strlen(prefix) + 5));
data/eccodes-2.19.1/tools/bufr_compare.c:1291:80: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  prefix = (char*)grib_context_malloc_clear(context, sizeof(char) * (strlen(xa->name) + 10));
data/eccodes-2.19.1/tools/bufr_dump.c:118:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(json_option) > 1 || (json_option[0] != 's' && json_option[0] != 'f' && json_option[0] != 'a')) {
data/eccodes-2.19.1/tools/bufr_filter.c:89:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen(options->current_infile->name);
data/eccodes-2.19.1/tools/bufr_ls.c:109:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen(options->current_infile->name);
data/eccodes-2.19.1/tools/codes_split_file.c:47:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ofilename = (char*)calloc(1, strlen(filename) + 10);
data/eccodes-2.19.1/tools/compile.c:45:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  while (*p && strncmp(p, "definitions", strlen("definitions")))
data/eccodes-2.19.1/tools/compile.c:55:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  j = strlen(name);
data/eccodes-2.19.1/tools/deprecated/grib_keys.c:62:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(buf) > 0) {
data/eccodes-2.19.1/tools/deprecated/grib_keys.c:110:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
strncpy(paths, c->grib_samples_path, MAX_PLEN); data/eccodes-2.19.1/tools/grib2ppm.c:45:17: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c = fgetc(f)) != EOF) { data/eccodes-2.19.1/tools/grib_filter.c:82:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(options->current_infile->name); data/eccodes-2.19.1/tools/grib_ls.c:364:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(options->current_infile->name); data/eccodes-2.19.1/tools/grib_options.c:175:13: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(optstr, grib_options[i].id, 2); data/eccodes-2.19.1/tools/grib_to_netcdf.c:2029:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(p) == 3) { data/eccodes-2.19.1/tools/grib_to_netcdf.c:2177:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). stat = nc_put_att_text(ncid, var_id, "units", strlen(units), units); data/eccodes-2.19.1/tools/grib_to_netcdf.c:2182:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
stat = nc_put_att_text(ncid, var_id, "long_name", strlen(long_name), long_name); data/eccodes-2.19.1/tools/grib_to_netcdf.c:3025:17: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(ymd, date, 4); data/eccodes-2.19.1/tools/grib_to_netcdf.c:3026:17: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(ymd, "-"); data/eccodes-2.19.1/tools/grib_to_netcdf.c:3027:17: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(ymd, date + 4, 2); data/eccodes-2.19.1/tools/grib_to_netcdf.c:3028:17: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(ymd, "-"); data/eccodes-2.19.1/tools/grib_to_netcdf.c:3049:80: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). stat = nc_put_att_text(ncid, var_id, "avg_period", strlen(period), period); data/eccodes-2.19.1/tools/grib_to_netcdf.c:3053:66: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
stat = nc_put_att_text(ncid, var_id, "calendar", strlen(cal), cal); data/eccodes-2.19.1/tools/grib_to_netcdf.c:3099:70: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). stat = nc_put_att_text(ncid, var_id, "units", strlen(txt), txt); data/eccodes-2.19.1/tools/grib_to_netcdf.c:3105:74: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). stat = nc_put_att_text(ncid, var_id, "long_name", strlen(txt), txt); data/eccodes-2.19.1/tools/grib_to_netcdf.c:3111:75: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). stat = nc_put_att_text(ncid, var_id, "short_name", strlen(txt), txt); data/eccodes-2.19.1/tools/grib_to_netcdf.c:3117:78: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). stat = nc_put_att_text(ncid, var_id, "standard_name", strlen(txt), txt); data/eccodes-2.19.1/tools/grib_to_netcdf.c:3125:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). stat = nc_put_att_text(ncid, var_id, "other",strlen(txt),txt); data/eccodes-2.19.1/tools/grib_to_netcdf.c:3135:74: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). stat = nc_put_att_text(ncid, var_id, p->name, strlen(txt), txt); data/eccodes-2.19.1/tools/grib_to_netcdf.c:3163:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
stat = nc_put_att_text(ncid, var_id, par, strlen(val), (val)); data/eccodes-2.19.1/tools/grib_to_netcdf.c:3183:64: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). stat = nc_put_att_text(ncid, NC_GLOBAL, "Conventions", strlen(convention), convention); data/eccodes-2.19.1/tools/grib_to_netcdf.c:3199:60: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). stat = nc_put_att_text(ncid, NC_GLOBAL, "history", strlen(history), history); data/eccodes-2.19.1/tools/grib_to_netcdf.c:3203:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). stat = nc_put_att_text(ncid, NC_GLOBAL, "source",strlen(setup.source),setup.source); data/eccodes-2.19.1/tools/grib_to_netcdf.c:3206:63: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). stat = nc_put_att_text(ncid, NC_GLOBAL, "institution",strlen(institution),institution); data/eccodes-2.19.1/tools/grib_to_netcdf.c:3211:62: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). stat = nc_put_att_text(ncid, NC_GLOBAL, "title", strlen(setup.title), setup.title); data/eccodes-2.19.1/tools/grib_to_netcdf.c:3372:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(p); data/eccodes-2.19.1/tools/grib_to_netcdf.c:3391:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(tbl, p, 3); data/eccodes-2.19.1/tools/grib_to_netcdf.c:3393:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(par, p + 3, 3); data/eccodes-2.19.1/tools/grib_to_netcdf.c:3468:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(att->name)) data/eccodes-2.19.1/tools/grib_to_netcdf.c:3469:33: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(att->name, "_"); data/eccodes-2.19.1/tools/grib_to_netcdf.c:3485:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(att->name)) data/eccodes-2.19.1/tools/grib_to_netcdf.c:3486:21: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(att->name, "_"); data/eccodes-2.19.1/tools/grib_to_netcdf.c:3670:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(filters[i].att.name) == 0) { data/eccodes-2.19.1/tools/grib_to_netcdf.c:3759:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (n == 2 && strlen(month) == 3) { data/eccodes-2.19.1/tools/grib_to_netcdf.c:3843:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(dim); data/eccodes-2.19.1/tools/grib_to_netcdf.c:3972:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). currLen += strlen(argv[i]); data/eccodes-2.19.1/tools/grib_to_netcdf.c:3977:13: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(argvString, " "); data/eccodes-2.19.1/tools/grib_tools.c:680:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlenkey = strlen(options->print_keys[j].name); data/eccodes-2.19.1/tools/grib_tools.c:727:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(options->requested_print_keys[i].name) > options->default_print_width) data/eccodes-2.19.1/tools/grib_tools.c:728:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). options->default_print_width = (int)strlen(options->requested_print_keys[i].name); data/eccodes-2.19.1/tools/grib_tools.c:752:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(name) > options->default_print_width) data/eccodes-2.19.1/tools/grib_tools.c:753:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). options->default_print_width = (int)strlen(name); data/eccodes-2.19.1/tools/grib_tools.c:806:23: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. ret = v->equal ? grib_inline_strcmp(value, v->string_value) : !grib_inline_strcmp(value, v->string_value); data/eccodes-2.19.1/tools/grib_tools.c:810:23: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. ret = v->equal ? (dvalue != v->double_value) : (dvalue == v->double_value); data/eccodes-2.19.1/tools/grib_tools.c:814:23: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. ret = v->equal ? (lvalue != v->long_value) : (lvalue == v->long_value); data/eccodes-2.19.1/tools/grib_tools.c:818:36: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. 
Consider using a form of this function that checks the second iterator before potentially overflowing it. ret = (lvalue == v->equal) ? 0 : 1; data/eccodes-2.19.1/tools/grib_tools.c:834:16: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (v->equal) { data/eccodes-2.19.1/tools/grib_tools.c:1167:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlenvalue = (int)strlen(value); data/eccodes-2.19.1/tools/grib_tools.c:1192:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlenvalue = (int)strlen(value); data/eccodes-2.19.1/tools/grib_tools.c:1227:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlenvalue = (int)strlen(value); data/eccodes-2.19.1/tools/gts_filter.c:79:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(options->current_infile->name); data/eccodes-2.19.1/tools/load.c:87:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t s = strlen(value); data/eccodes-2.19.1/tools/metar_filter.c:76:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
size_t len = strlen(options->current_infile->name); data/eccodes-2.19.1/tools/taf_filter.c:78:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(options->current_infile->name);

ANALYSIS SUMMARY:

Hits = 2322
Lines analyzed = 230249 in approximately 19.30 seconds (11928 lines/second)
Physical Source Lines of Code (SLOC) = 177899
Hits@level = [0] 3518 [1] 464 [2] 1409 [3] 48 [4] 400 [5] 1
Hits@level+ = [0+] 5840 [1+] 2322 [2+] 1858 [3+] 449 [4+] 401 [5+] 1
Hits/KSLOC@level+ = [0+] 32.8276 [1+] 13.0523 [2+] 10.4441 [3+] 2.5239 [4+] 2.25409 [5+] 0.00562117
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.